Cisco Support Community

CSS - 2 VIPs - one SNAT, one NOT - same real servers

I have a group of 4 servers that service requests from servers in the same subnet, so they and their VIP are in a group configuration causing Source NAT.

Now, I want Internet traffic to hit those same 4 servers, but not source NAT. I plan this with a new VIP that will not be in a 'group' configuration.

Can I re-use the same 'service' definitions even though they are referenced with the other VIP in the 'group' section?

1 ACCEPTED SOLUTION


Re: CSS - 2 VIPs - one SNAT, one NOT - same real servers

You can use ACLs to restrict traffic that needs to use the source group. For example:

Assumption: Your non-Internet traffic is coming from 10.10.0.0/16 network

acl 1

clause 254 permit any any destination any

clause 100 permit any 10.10.0.0 255.255.0.0 destination content/ sourcegroup

The above ACL, applied to the client VLAN, will make the CSS use the source group for only the 10.10.0.0/16 network.

HTH

Syed Iftekhar Ahmed
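
Added example, not part of the original thread and not Cisco code: a small Python model of how the two clauses in the answer above split traffic between source NAT and no source NAT. It assumes clauses are checked in ascending clause number with the first match winning and unmatched traffic denied; the VIP address, the client addresses and the `<sourcegroup>` placeholder are constructed, because the page elides the content rule and source group names.

```python
import ipaddress

# Constructed model of the ACL from the answer above. The content rule and
# source group names are elided on the page, so placeholders stand in for them.
VIP = ipaddress.ip_address("192.0.2.10")  # hypothetical VIP behind the content rule

ACL = [
    # (clause number, source network, destination or None for "any", source group)
    # Listed in the same order as in the answer: 254 first, then 100.
    (254, ipaddress.ip_network("0.0.0.0/0"), None, None),
    (100, ipaddress.ip_network("10.10.0.0/16"), VIP, "<sourcegroup>"),
]


def evaluate(acl, src, dst):
    """Return (clause number, source group) of the first matching clause.

    Assumption: clauses are checked in ascending clause number, the first
    match wins, and traffic matching no clause is denied (returns None).
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for number, network, dest, group in sorted(acl, key=lambda c: c[0]):
        if src in network and (dest is None or dst == dest):
            return number, group
    return None


def uses_source_nat(acl, src, dst):
    """True when the matching clause hands the flow to a source group."""
    hit = evaluate(acl, src, dst)
    return hit is not None and hit[1] is not None


if __name__ == "__main__":
    # Constructed clients: inside 10.10.0.0/16, just outside it, and Internet.
    for client in ("10.10.4.20", "10.11.4.20", "203.0.113.7"):
        print(client, "->", evaluate(ACL, client, str(VIP)),
              "SNAT" if uses_source_nat(ACL, client, str(VIP)) else "no SNAT")
```

Under these assumptions the order in which the clauses are typed does not matter; clause 100 is tried before the catch-all clause 254, and a 10.10.0.0/16 client talking to any other destination also falls through to clause 254.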
