Is there any way to NAT all traffic coming from the server to the VIP address on a CSS 11500?
Basically my client wants to send out emails and FTP data from the server behind the CSS on the same IP as the incoming web traffic, however on the ASA I can only NAT the external IP to one address. I need to make sure that the traffic from the servers is NATed to the VIP prior to sending to the ASA to allow correct NATing.
Create a source group:
vip address a.b.c.d
add service svr1
add service svr2
The source group VIP can match the VIP in a rule. If you need source NAT'ing for clients hitting rules, then use "destination services" in a group. You still need regular [source] services in a group for NAT'ing when servers initiate connections.
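The source group from the answer above, written out next to a content rule that shares the same VIP, as an added example that is not part of the original post. The group, owner and rule names and the 10.1.1.x server addresses are constructed placeholders; a.b.c.d, svr1 and svr2 are taken from the thread.

```text
! Constructed example: names and 10.1.1.x addresses are placeholders.
service svr1
  ip address 10.1.1.11
  active

service svr2
  ip address 10.1.1.12
  active

! Inbound web traffic: content rule listening on the VIP.
owner client1
  content web
    vip address a.b.c.d
    protocol tcp
    port 80
    add service svr1
    add service svr2
    active

! Outbound traffic initiated by the servers (SMTP, FTP):
! connections from svr1/svr2 leave the CSS with source a.b.c.d,
! so the ASA sees one inside address for both directions.
group outbound-nat
  vip address a.b.c.d
  add service svr1
  add service svr2
  active

! For source NAT of clients hitting a rule, a group lists the
! services with "add destination service <name>" instead.
```

A group does nothing until it is set `active`, and `show group` lists the group with its services so you can confirm the VIP that server-initiated connections will use.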