Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
598
Views
0
Helpful
1
Replies

Sourcegroup server NAT clarification

simon.allen
Level 1
Level 1

‎05-02-2008 07:31 AM

Using a CSS11501 in routed mode and we need the servers to have access to the VIPs for testing.

I know we have to NAT the server ip to force the response back through the CSS and I got this working before using:

clause 5 permit any <server ip> destination content <owner>/<rule> sourcegroup <sourcegroupname>

but this time we have multiple content rules using the same VIP address (different tcp ports) that the servers will need access to.

Will the source NAT still work if I specify the VIP ip address instead of the content rule?

e.g:

clause 5 permit any <server ip> destination <VIP address> sourcegroup <sourcegroupname>

If this is feasible it will be quicker as we wouldn't need multiple ACL entries for each content rule.

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-02-2008 11:59 AM

I have seen cases where it works and where it doesn't work.

Honestly I don't know what should be the right behavior.

So, I would suggest to give it a try.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents