Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
0
Helpful
4
Replies

redirect traffic to a DR site

Go to solution
jonhall01
Level 1
Level 1

‎11-29-2005 03:45 AM

I have a situation where DNS is being used to direct traffic to either a live or a DR site. As DNS may take time to kick in due to TTL's not being observed and caches etc.... I need to find a solution that can be "quick" for testing purposes... Can the CSS perform a source NAT of traffic (using an ACL) then this traffic would hit a content rule with services (public IPs) of the remote site. Can this all work in one arm mode. (the CSS only has a single front-end connection.

Alternativly, could a sorry server (of the remote site) be added to the existing content rules of the live site? source NATing would still be needed to ensure the Live CSS is not bypassed for return traffic. What would ne the best way to achieve this?

any other ideas?

This is not just HTTP traffic, there are multiple content rules.

Thanks in advance for any assistance.

Jon

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to jonhall01

‎12-01-2005 08:18 AM

you actually do everything in one-shot.

You hit the content-rule and the CSS nat source and destination.

This works with a single interface.

This can be done with the sorry-server

Here is an example.

service backup

ip x.x.x.x

owner MyCompany

Content www

vip addr x.x.x.x

add service ...

primarysorryserver backup

active

group SrcNat

vip x.x.x.x

add destination service backup

active

Regards,

Gilles.

Thanks for rating.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎12-01-2005 12:20 AM

Jon,

the solution that you describe is what we use in this case when non-http traffic is involved.

This works fine.

As you said, the requirement is to use source-nating to guarantee that the response comes back to the CSS.

Regards,

Gilles.

Thanks for rating.

0 Helpful

Go to solution
jonhall01
Level 1
Level 1
In response to Gilles Dufour

‎12-01-2005 01:06 AM

Hi Jilles, Thanks for your response.

Will this work through a single interface? ie, internet traffic hits the CSS, gets SRC NATed, then hits a content rule, gets DAT NATed, and is routed out of the same interface that it entered the CSS on?

Should I SRC NAT it before or after it hits the content rule?

What about the sorry server option? Can that work?

Jon

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to jonhall01

‎12-01-2005 08:18 AM

you actually do everything in one-shot.

You hit the content-rule and the CSS nat source and destination.

This works with a single interface.

This can be done with the sorry-server

Here is an example.

service backup

ip x.x.x.x

owner MyCompany

Content www

vip addr x.x.x.x

add service ...

primarysorryserver backup

active

group SrcNat

vip x.x.x.x

add destination service backup

active

Regards,

Gilles.

Thanks for rating.

0 Helpful

Go to solution
jonhall01
Level 1
Level 1
In response to Gilles Dufour

‎12-02-2005 07:52 AM

Fantastic...

Thanks for your help.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents