Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1490
Views
0
Helpful
2
Replies

CSS 11506 nat to inside

Go to solution
constantin.blanariu
Level 1
Level 1

‎05-31-2010 03:52 AM

Hello,

Is it possible that servers behind the CSS to see the source ip address of the request to that of

the CSS in the servers' LAN ?

Example: CSS is connected to the Internet with the ip address 100.100.100.100, has some

servers conencted to it and load balances the connection. The servers' LAN is 192.168.1.0/24 and

the CSS has the 192.168.1.1.

When a connection arrives from 200.200.200.200, from the Internet, I would like the CSS to replace

200.200.200.200 with 192.168.1.1 when it sends the request to a server.

If you need more clarifications, please tell me.

Thank you,

Constantin Blanariu

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
UHansen1976
Level 1
Level 1

‎05-31-2010 07:31 AM

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

View solution in original post

0 Helpful
2 Replies 2

Go to solution
UHansen1976
Level 1
Level 1

‎05-31-2010 07:31 AM

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

0 Helpful

Go to solution
constantin.blanariu
Level 1
Level 1
In response to UHansen1976

‎06-08-2010 01:02 AM

Thank you, Ulrich!

group did the trick!

Constantin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents