Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
342
Views
0
Helpful
1
Replies

CSS - 2 VIPs - one SNAT, one NOT - same real servers

Go to solution
Todd Walker
Level 1
Level 1

‎01-28-2009 12:54 PM

I have a group of 4 servers that service requests from servers in the same subnet, so they and their VIP are in a group configuration causing Source NAT.

<br />

<br />Now, I want Internet traffic to hit those same 4 servers, but not source NAT. I plan this with a new VIP that will not be in a 'group' configuration.

<br />

<br />Can I re-use the same 'service' definitions even though they are referenced with the other VIP in the 'group' section?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎02-03-2009 10:08 PM

You can use ACLs to restrict traffic that needs to use the source group.For e.g

Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network

acl 1

clause 254 permit any any destination any

clause 100 permit any 10.10.0.0 255.255.0.0 destination content/ sourcegroup

Above ACL applied to client VLAN will make CSS use source group for only 10.10.0.0/16 network.

HTH

Syed Iftekhar Ahmed

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎02-03-2009 10:08 PM

You can use ACLs to restrict traffic that needs to use the source group.For e.g

Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network

acl 1

clause 254 permit any any destination any

clause 100 permit any 10.10.0.0 255.255.0.0 destination content/ sourcegroup

Above ACL applied to client VLAN will make CSS use source group for only 10.10.0.0/16 network.

HTH

Syed Iftekhar Ahmed

0 Helpful
Customers Also Viewed These Support Documents