Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS11500 NAT Question

Traffic orginating from service addresses are not being NAT'd to the VIP address - is this normal?

3 REPLIES
New Member

Re: CSS11500 NAT Question

Yes this is normal.

New Member

Re: CSS11500 NAT Question

Yes if you want to nat traffic originating from servers "behind" a VIP you have to setup group ACLs to make that work.

Cisco Employee

Re: CSS11500 NAT Question

what you need is a group config with a vip matching your content rule vip and use 'add service' under the group to add all the servers that should be nated.

No need for acl at this point.

ACL are only required if you sometimes need nat and sometimes you don't.

Here is a link to documentation.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_command_reference_chapter09186a00800e4515.html#wp1674400

Gilles.

156
Views
0
Helpful
3
Replies
CreatePlease login to create content