Cisco Support Community
New Member

Cisco CSS how to turn off Source NAT?


A question to load balancer aficionados:

We currently have a CSS operating in a 'one-armed design'; however, this performs Source NAT so that return traffic from web servers goes back through the CSS.

The problem is that we have a requirement to log and filter source addresses on the web servers.

I have found some references mentioning that this is possible using Direct Server Return (it seems to employ dispatch mode to do this).

Does anyone have any experience, better ideas, thoughts on such a design and how to accomplish it, etc.?

Any replies are appreciated.

Cisco Employee

Re: Cisco CSS how to turn off Source NAT?


The CSS is not able to perform DSR. What you can do to remove source NATing is remove the groups and configure the CSS as the default gateway of the servers.

This is usually a configuration implemented when using in-line style; however, it should work fine on one-arm. Also disable ICMP redirects on the CSS to avoid causing asymmetric flows.

You can disable the ICMP redirects with this command on the VLAN configuration:

CSS(config-circuit-ip[VLAN112-])# no redirects

Hope it helps!!
