Cisco Support Community

New Member

Can CSS nat a client ip address to a server ip address?

Hi,

Network is below:

fw1
|
css
|
|---fw2-----monitor server
|-------server

The monitor server needs to monitor the interface of fw1 that connects to the CSS. The fw1 interface has a public IP address; however, the monitor server can only access/monitor private addresses. So the CSS needs to NAT fw1's public address to a private address on the server side.

Is it possible to do that? If so, can you provide sample configs? I am thinking of using an ACL or a group, but I am not sure which is the answer.

Thanks.

Jianwen

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Can CSS nat a client ip address to a server ip address?

If the connection is opened by the monitor server, what you will need to do is create a content rule that will represent the FW.

Use a local IP for the content rule and then create a service with the firewall's public IP.

Add this service to the content rule and "voila", your monitor server can use the local IP to reach the firewall.

If this is UDP monitoring, you may also need a group for the other way.

Create a group with the same VIP as the content rule and use the command 'add service ' with the FW service.

Gilles.
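
The steps in the accepted answer, written out as a CSS configuration. This is an added example, not part of Gilles's post; the service, owner, content rule and group names are hypothetical, and both addresses are constructed placeholders.

```text
! Added example. Service, owner, rule and group names are hypothetical.
! 203.0.113.10 stands in for fw1's public interface address,
! 10.10.10.50 for an unused private address on the server side.

! The service represents the firewall's public interface.
service fw1-outside
  ip address 203.0.113.10
  active

! The content rule gives the firewall a local VIP that the
! monitor server can reach.
owner monitoring
  content fw1-vip
    vip address 10.10.10.50
    add service fw1-outside
    active

! Only for the UDP case: flows that fw1 opens toward the server side
! are source-NATed to the same VIP.
group fw1-return
  vip address 10.10.10.50
  add service fw1-outside
  active
```

As written, the content rule forwards any traffic sent to the VIP on to the firewall interface; adding `protocol` and `port` to the rule limits it to the monitoring traffic.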
