Cisco Support Community
Community Member

CSS Source NAT


I have CSS in single arm deploymenet model. I am trying to do the exchange server load balancing. But I am facing problem

with the soruce NAT. I dont want to NAT the client IP in VIP.

Exchange team dont want to have Client IP address to be NATTED. They want real Client IP to appear in Exchange so that they can track exact

user IP address for mail replying and tracking.

Please let me know is there any way bypass the source NAT for specific VIP.

Cisco Employee

CSS Source NAT


On CSS, source NAT is normally configured based on the service name, so, if you ensure that the service names are unique per content rule (the IP address may still be the same), you can easily control for which VIPs is nat applied.

Anyway, if you are really using a one-arm setup for all your VIPs, take into account that you will always need either source-nat or another way to send the return traffic back through the CSS or otherwise connections will fail.

I hope this helps


Community Member

CSS Source NAT


I need something like that, I need to hide all servers behind the CSS11501. So, any client will contact the server as follows:

1-          Client initiates the traffic to the VIP which will be forwarded to the servers. Then the server will replay to the client, from VIP to the client. In this case, I need to configure service and content.

2-          Server initiates traffic to the client, the source will be VIP, the destination is client IP. In this case, I need to configure service and group.

Q1: Is that right?

I am facing a problem because some client applications discovered the server IP not VIP, the make failure..

Q2: Where is the problem?

CreatePlease to create content