CSS 11506 nat to inside

Answered Question
May 31st, 2010

Hello,

Is it possible that servers behind the CSS to see the source ip address of the request to that of

the CSS in the servers' LAN ?

Example: CSS is connected to the Internet with the ip address 100.100.100.100, has some

servers conencted to it and load balances the connection. The servers' LAN is 192.168.1.0/24 and

the CSS has the 192.168.1.1.

When a connection arrives from 200.200.200.200, from the Internet, I would like the CSS to replace

200.200.200.200 with 192.168.1.1 when it sends the request to a server.

If you need more clarifications, please tell me.

Thank you,

Constantin Blanariu

I have this problem too.
0 votes
Correct Answer by UHansen1976 about 6 years 6 months ago

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
UHansen1976 Mon, 05/31/2010 - 07:31

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

Actions

This Discussion

Related Content