CSS 11506 nat to inside

Answered Question
May 31st, 2010
User Badges:

Hello,


Is it possible that servers behind the CSS to see the source ip address of the request to that of

the CSS in the servers' LAN ?


Example: CSS is connected to the Internet with the ip address 100.100.100.100, has some

servers conencted to it and load balances the connection. The servers' LAN is 192.168.1.0/24 and

the CSS has the 192.168.1.1.

When a connection arrives from 200.200.200.200, from the Internet, I would like the CSS to replace

200.200.200.200 with 192.168.1.1 when it sends the request to a server.


If you need more clarifications, please tell me.


Thank you,


Constantin Blanariu

Correct Answer by UHansen1976 about 7 years 21 hours ago

Hi Constantin,


Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).


A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:


service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active


service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active


And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:


group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active


This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.


hth


/Ulrich

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
UHansen1976 Mon, 05/31/2010 - 07:31
User Badges:
  • Bronze, 100 points or more

Hi Constantin,


Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).


A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:


service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active


service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active


And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:


group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active


This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.


hth


/Ulrich

Actions

This Discussion

Related Content