Using a CSS11501 in routed mode and we need the servers to have access to the VIPs for testing.
I know we have to NAT the server ip to force the response back through the CSS and I got this working before using:
clause 5 permit any <server ip> destination content <owner>/<rule> sourcegroup <sourcegroupname>
but this time we have multiple content rules using the same VIP address (different tcp ports) that the servers will need access to.
Will the source NAT still work if I specify the VIP ip address instead of the content rule?
clause 5 permit any <server ip> destination <VIP address> sourcegroup <sourcegroupname>
If this is feasible it will be quicker as we wouldn't need multiple ACL entries for each content rule.