cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
334
Views
0
Helpful
1
Replies

CSS - 2 VIPs - one SNAT, one NOT - same real servers

Todd Walker
Level 1
Level 1

I have a group of 4 servers that service requests from servers in the same subnet, so they and their VIP are in a group configuration causing Source NAT.

<br />

<br />Now, I want Internet traffic to hit those same 4 servers, but not source NAT. I plan this with a new VIP that will not be in a 'group' configuration.

<br />

<br />Can I re-use the same 'service' definitions even though they are referenced with the other VIP in the 'group' section?

1 Accepted Solution

Accepted Solutions

You can use ACLs to restrict traffic that needs to use the source group.For e.g

Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network

acl 1

clause 254 permit any any destination any

clause 100 permit any 10.10.0.0 255.255.0.0 destination content/ sourcegroup

Above ACL applied to client VLAN will make CSS use source group for only 10.10.0.0/16 network.

HTH

Syed Iftekhar Ahmed

View solution in original post

1 Reply 1

You can use ACLs to restrict traffic that needs to use the source group.For e.g

Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network

acl 1

clause 254 permit any any destination any

clause 100 permit any 10.10.0.0 255.255.0.0 destination content/ sourcegroup

Above ACL applied to client VLAN will make CSS use source group for only 10.10.0.0/16 network.

HTH

Syed Iftekhar Ahmed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: