
Groups on CSS11150 causes routing to break

mjhagen
Level 1

I have a CSS setup using 4 interfaces. Interface E1 is connected to our public firewall. This is where the VIPs are for inbound load balancing. E2 is a VLAN with some FTP servers. E5 is a VLAN with some Web servers. E3 is connected to another firewall going to another company using VPN. I have Services set up for FTP, Content rules set up for FTP and Groups set up for FTP, and all of this works fine. I need to be able to connect from the outside company to the servers in E2 from E3. I can ping from the servers in E2 to servers connected at the other company beyond E3, but I cannot ping from the servers in the other company to servers in E2. If I suspend the Group rule then all works fine, but I need the Group for FTP to function properly.

1 Reply

Gilles Dufour
Cisco Employee

You can use an ACL to apply the group only for FTP traffic.

What you have to do is remove the services from the group config and then use an ACL with the option 'sourcegroup ....' to specify when to NAT the traffic.

Regards,

Gilles.
