Cisco Support Community

New Member

Groups on CSS11150 causes routing to break

I have a CSS setup using 4 interfaces. Interface E1 is connected to our public firewall. This is where the VIPs are for inbound load balancing. E2 is a VLAN with some FTP servers. E5 is a VLAN with some Web servers. E3 is connected to another firewall going to another company using VPN. I have Services set up for FTP, Content rules set up for FTP and Groups set up for FTP, and all of this works fine. I need to be able to connect from the outside company to the servers in E2 from E3. I can ping from the servers in E2 to servers connected at the other company beyond E3, but I cannot ping from the servers in the other company to servers in E2. If I suspend the Group rule then all works fine, but I need the Group for FTP to function properly.

Cisco Employee

Re: Groups on CSS11150 causes routing to break

You can use an ACL to apply the group only for FTP traffic.

What you have to do is remove the services from the group config and then use an ACL with the option 'sourcegroup ....' to specify when to NAT the traffic.


