01-28-2009 12:54 PM
I have a group of 4 servers that service requests from servers in the same subnet, so they and their VIP are in a group configuration causing Source NAT.
<br />
<br />Now, I want Internet traffic to hit those same 4 servers, but not source NAT. I plan this with a new VIP that will not be in a 'group' configuration.
<br />
<br />Can I re-use the same 'service' definitions even though they are referenced with the other VIP in the 'group' section?
Solved! Go to Solution.
02-03-2009 10:08 PM
You can use ACLs to restrict traffic that needs to use the source group.For e.g
Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network
acl 1
clause 254 permit any any destination any
clause 100 permit any 10.10.0.0 255.255.0.0 destination content
Above ACL applied to client VLAN will make CSS use source group for only 10.10.0.0/16 network.
HTH
Syed Iftekhar Ahmed
02-03-2009 10:08 PM
You can use ACLs to restrict traffic that needs to use the source group.For e.g
Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network
acl 1
clause 254 permit any any destination any
clause 100 permit any 10.10.0.0 255.255.0.0 destination content
Above ACL applied to client VLAN will make CSS use source group for only 10.10.0.0/16 network.
HTH
Syed Iftekhar Ahmed
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: