Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Best practice for Source NATTING ?

Is there a general design rule for configuring source NATing ? Is it best to configure the CSS is one/two armed mode.

What are the perfomance limitations in doing this ?

Can soure NATed and non source NATed content rules be configured on the CSS with no impact ?

Cheers, Mike

1 REPLY
Silver

Re: Best practice for Source NATTING ?

Source groups translate the source address of packets from back-end services before forwarding them. When a flow is originated from the back-end server with a private address, the request appears to come from the public Virtual IP (VIP) of the source group. You can also use source groups (with Access Lists (ACLs)) to translate clients' private IP addresses (which reside on the back-end of the CSS) to a public IP address (the VIP).

The use of this type of source group is useful when setting up a one-armed configuration where client and server traffic flows through the same CSS switch. For more information read the following document.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093dfc.shtml

273
Views
0
Helpful
1
Replies
CreatePlease to create content