Solved: Client NAT in CSS11500

UHansen1976 · ‎10-20-2009

Hi,

I'm currently redesigning my portal infrastructure and as such, I need to redo a few things on my CSS. But I can't seem to find anything about Client-NAT on the CSS. I need to NAT/PAT external sessions to an inside RFC1918-address. The config below simply passes the original src.ip through and consequently the session is blocked by the firewall. So far I've been unsuccessfull in finding the proper documentation, so I'm hoping someone here can help me get started.

owner BK019TF

content BK019TF-SSL

vip address a.b.c.d

add service SSLMODULE1

port 443

protocol tcp

active

content BK019TF

redundant-index 142

advanced-balance sticky-srcip

port 4433

protocol tcp

vip address a.b.c.d

add service Misys-ben-3

add service Misys-ben-4

active

Thanks

/Ulrih

Syed Iftekhar Ahmed · ‎10-20-2009

Source groups are used on CSS to NAT the source ip addresses. There could be two scenarios

1. A connection is open to the server.

In this case you need 'add destination service'.

2.The server opens the connection. In this case you need 'add service ...'

Following example will give you some idea of how to implement src NAt with CSS

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml

Thanks

Syed Iftekhar Ahmed

View solution in original post

Syed Iftekhar Ahmed · ‎10-20-2009

Source groups are used on CSS to NAT the source ip addresses. There could be two scenarios

1. A connection is open to the server.

In this case you need 'add destination service'.

2.The server opens the connection. In this case you need 'add service ...'

Following example will give you some idea of how to implement src NAt with CSS

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml

Thanks

Syed Iftekhar Ahmed

UHansen1976 · ‎10-20-2009

Just what I needed. A thousand thanks

/Ulrich