I would like to have my server (behind CSS) initiate connections to a database server with its private address. (database server is on my internal network, css is on my DMZ) I would also like the server to initiate connections to the Internet with the public VIP address. I have tried to configure source groups for this server and that works, but it NAT's all connections from the server. Is there a way to configure the source group to look at the destination address or destination port and only NAT connections that aren't destined for this particular address or port?
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...