11-29-2005 03:45 AM
I have a situation where DNS is being used to direct traffic to either a live or a DR site. As DNS may take time to kick in due to TTLs not being observed, caches, etc., I need to find a solution that can be "quick" for testing purposes. Can the CSS perform a source NAT of traffic (using an ACL), so that this traffic would then hit a content rule with services (public IPs) of the remote site? Can this all work in one-arm mode? (The CSS only has a single front-end connection.)
Alternatively, could a sorry server (of the remote site) be added to the existing content rules of the live site? Source NATing would still be needed to ensure the live CSS is not bypassed for return traffic. What would be the best way to achieve this?
Any other ideas?
This is not just HTTP traffic, there are multiple content rules.
Thanks in advance for any assistance.
Jon
12-01-2005 12:20 AM
Jon,
The solution that you describe is what we use in this case when non-HTTP traffic is involved.
This works fine.
As you said, the requirement is to use source NATing to guarantee that the response comes back to the CSS.
Regards,
Gilles.
Thanks for rating.
12-01-2005 01:06 AM
Hi Gilles, thanks for your response.
Will this work through a single interface? I.e., internet traffic hits the CSS, gets SRC NATed, then hits a content rule, gets DST NATed, and is routed out of the same interface that it entered the CSS on?
Should I SRC NAT it before or after it hits the content rule?
What about the sorry server option? Can that work?
Jon
12-01-2005 08:18 AM
You actually do everything in one shot.
You hit the content rule and the CSS NATs source and destination.
This works with a single interface.
This can be done with the sorry server.
Here is an example:

service backup
  ip x.x.x.x

owner MyCompany
  Content www
    vip addr x.x.x.x
    add service ...
    primarysorryserver backup
    active

group SrcNat
  vip x.x.x.x
  add destination service backup
  active

Regards,
Gilles.
Thanks for rating.
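
The reason source NAT is required for the one-arm sorry-server setup discussed in this thread can be traced with a small packet-flow model. This is an added example, not part of the original posts and not CSS code; all addresses are constructed from the documentation ranges and the function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed addresses from the documentation ranges (not from the thread).
CLIENT = "198.51.100.10"
LIVE_VIP = "192.0.2.10"       # content rule VIP on the live-site CSS
SRC_NAT_VIP = "192.0.2.11"    # source group VIP on the live-site CSS
DR_SERVICE = "203.0.113.20"   # public IP of the sorry server at the DR site
CSS_ADDRS = {LIVE_VIP, SRC_NAT_VIP}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def css_forward(pkt, source_nat):
    """Content rule rewrites the destination; the source group, if used, rewrites the source."""
    return Packet(SRC_NAT_VIP if source_nat else pkt.src, DR_SERVICE)

def server_reply(pkt):
    """The remote server answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.src)

def css_return(original):
    """Undo both translations using the flow recorded on the way in."""
    return Packet(original.dst, original.src)

def client_accepts(request, reply):
    """A client only accepts a reply whose source is the address it connected to."""
    return reply.src == request.dst and reply.dst == request.src

def simulate(source_nat):
    request = Packet(CLIENT, LIVE_VIP)
    forwarded = css_forward(request, source_nat)
    reply = server_reply(forwarded)
    via_css = reply.dst in CSS_ADDRS       # does the reply route back to the CSS?
    if via_css:
        reply = css_return(request)
    return {"via_css": via_css, "reply_src": reply.src,
            "accepted": client_accepts(request, reply)}

if __name__ == "__main__":
    for enabled in (True, False):
        print("source NAT" if enabled else "no source NAT", simulate(enabled))
```

Without the source group, the DR server replies straight to the client from its own address, the live CSS never sees the return traffic, and the client discards a reply that does not come from the VIP it connected to.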
12-02-2005 07:52 AM
Fantastic...
Thanks for your help.
Jon