How can I preserve Client Port on CSS

Unanswered Question
Mar 13th, 2012
User Badges:

Hi guys,


I’m wondering if there is a way to configure CSS11503 running 8.10 so that the servers in the content rules can see the client port number??


The servers can see the client IP, but not the port!! It seems when forwarding packets to the servers in the content rule, the CSS uses a new high-number port when communicating with servers.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
wassim.sharbek Fri, 03/16/2012 - 12:46
User Badges:

I opened a case with cisco, and they said that is impossible with CSS. However, it is possible in the ACE with inspection.

rhgtyink Mon, 03/19/2012 - 12:39
User Badges:

I might be wrong, but afaik it depends on the type of balancing method used.

As long as the CSS only needs to nat the destination it won't change the client source port.


As soon as it get's a Layer4 rule it will intercept and setup a new connection and thus cause higher port numbers.

Actions

This Discussion