busterswt Mon, 12/28/2009 - 20:47
User Badges:
  • Bronze, 100 points or more

Yes, it can. Treat the remote server like you would any other server sitting behind the CSS when you create the service. However, you will need to create a source group rule, and make use of the 'add destination service' statement to source traffic from the CSS -> server. Whatever IP address is specified within the source group will be the one the CSS uses when source NAT'ing the load balanced traffic on its way to the backend server. This ensures that the remote1 server will respond back to the CSS, which sends the response to the client (after NAT'ing it again) instead of the remote1 server responding directly to the client, which would likely reject the traffic.


Example:


service local1

ip address 192.168.100.1

active


service local2

ip address 192.168.100.2

active


service remote1

ip address 67.192.20.20

active


------


owner vip


content 192.168.100.200-80

ip address 192.168.100.200

port 80

add service local1

add service local2

add service remote1

active


------


group 192.168.100.200-80

ip address 192.168.100.200


add destination service local1

add destination service local2

add destination service remote1

active

Actions

This Discussion