Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS and NAT problems (easy one?)

Hi,

I am trying the simplest of configurations, attempting to Load-Balance traffic using two servers and a single CSS. I am using "Routed" mode, but am experiencing problems with NAT. I am new to the world of CSSs.

I have two servers that have the VIP 80.80.80.230. All traffic is initiated from the client-side (public) and talks to this VIP address. All RETURN traffic must be NATed (by the CSS) with this VIP address. I would expect:-

CLIENT (PUBLIC) -----> 80.80.80.230 (SERVER-VIP)

CLIENT (PUBLIC) <----- 80.80.80.230 (SERVER-VIP)

However, this configuration does not seem to work for me. When I sniff, I see the return traffic is NOT being NATed ....I see the following :

CLIENT (PUBLIC) ----------------------> 80.80.80.230

CLIENT (PUBLIC) <----------------------10.10.10.2

Here is my config :

ip route 0.0.0.0 0.0.0.0 80.80.80.225 1

!************************* INTERFACE *************************

interface e2

bridge vlan 2

!************************** CIRCUIT **************************

circuit VLAN1

ip address 80.80.80.227 255.255.255.240

circuit VLAN2

ip address 10.10.10.1 255.255.255.0

!************************** SERVICE **************************

service server1

ip address 10.10.10.2

port 5060

active

service server2

ip address 10.10.10.3

port 5060

!*************************** OWNER

owner me

content lbal

port 5060

protocol udp

vip address 80.80.80.230

add service server1

add service server2

application sip

active

!*************************** GROUP

group clients-group

vip address 80.80.80.230

add service server1

add service server2

active

CSS11501 /Version 7.4

I have tried this config with and without the NAT Group (clients-group) but to no avail.

Please please can someone stop me from going crazy with this. Any help really apprectaied.

Grazie !

Matt

1 REPLY
Cisco Employee

Re: CSS and NAT problems (easy one?)

Hi Matt,

On the group use "add destination service" instead of "add service". That will do source NATing of traffic hitting the VIP.

Looks like this:

group clients-group

vip address 80.80.80.230

add destination service server1

add destination service server2

active

Diego

120
Views
0
Helpful
1
Replies
CreatePlease login to create content