CSS - 2 VIPs - one SNAT, one NOT - same real servers

Answered Question
Jan 28th, 2009

I have a group of 4 servers that service requests from servers in the same subnet, so they and their VIP are in a group configuration causing Source NAT.

Now, I want Internet traffic to hit those same 4 servers, but not source NAT. I plan this with a new VIP that will not be in a 'group' configuration.

Can I re-use the same 'service' definitions even though they are referenced with the other VIP in the 'group' section?

Correct Answer by Syed Iftekhar Ahmed about 7 years 10 months ago

You can use ACLs to restrict traffic that needs to use the source group. For example:

Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network

acl 1

clause 254 permit any any destination any

clause 100 permit any 10.10.0.0 255.255.0.0 destination content/ sourcegroup

The above ACL, applied to the client VLAN, will make the CSS use the source group for only the 10.10.0.0/16 network.

HTH

Syed Iftekhar Ahmed

Overall Rating: 5 (1 ratings)
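
An added example, not part of the original answer or of Cisco's own material: a small Python model of the ACL above that shows which client sources would use the source group, including the boundary of the /16 and a misnumbered catch-all clause. It assumes clauses are evaluated in ascending clause-number order with the first match winning; the names `ACL_1`, `match_clause`, `snat_report` and the sample addresses are constructed, and `<sourcegroup>` is a placeholder for the name elided in the post.

```python
import ipaddress

# Constructed model of the ACL in the answer above. The content rule and
# source group names are elided in the post, so placeholders stand in.
ACL_1 = [
    # (clause number, source network, destination, source group)
    (254, "0.0.0.0/0", "any", None),
    (100, "10.10.0.0/255.255.0.0", "content", "<sourcegroup>"),
]


def match_clause(src_ip, hits_content_rule=True, acl=ACL_1):
    """Return (clause number, source group) of the first matching clause.

    Assumption: clauses are checked in ascending clause-number order and the
    first match wins, so clause 100 is tried before 254 although it was
    entered second. (None, None) means no clause matched.
    """
    addr = ipaddress.ip_address(src_ip)
    for number, network, dest, group in sorted(acl, key=lambda c: c[0]):
        if addr not in ipaddress.ip_network(network):
            continue
        if dest == "content" and not hits_content_rule:
            continue
        return number, group
    return None, None


def snat_report(sources, acl=ACL_1):
    """Map each source IP to True if its flow would use the source group."""
    return {ip: match_clause(ip, acl=acl)[1] is not None for ip in sources}


# Constructed sample clients: two internal, one just outside the /16, and
# one Internet address from the documentation range.
SAMPLE_SOURCES = ["10.10.0.1", "10.10.255.254", "10.11.0.1", "203.0.113.7"]

# Failure mode: a catch-all numbered below the specific clause matches first,
# so no client ever reaches the source-group clause.
MISORDERED = [
    (50, "0.0.0.0/0", "any", None),
    (100, "10.10.0.0/255.255.0.0", "content", "<sourcegroup>"),
]

if __name__ == "__main__":
    for ip, snat in snat_report(SAMPLE_SOURCES).items():
        print(f"{ip:15} source group: {snat}")
    print("misordered:", snat_report(SAMPLE_SOURCES, MISORDERED))
```
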
Syed Iftekhar Ahmed Tue, 02/03/2009 - 22:08