Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Sourcegroup server NAT clarification

Using a CSS11501 in routed mode and we need the servers to have access to the VIPs for testing.

I know we have to NAT the server ip to force the response back through the CSS and I got this working before using:

clause 5 permit any <server ip> destination content <owner>/<rule> sourcegroup <sourcegroupname>

but this time we have multiple content rules using the same VIP address (different tcp ports) that the servers will need access to.

Will the source NAT still work if I specify the VIP ip address instead of the content rule?

e.g:

clause 5 permit any <server ip> destination <VIP address> sourcegroup <sourcegroupname>

If this is feasible it will be quicker as we wouldn't need multiple ACL entries for each content rule.

1 REPLY
Cisco Employee

Re: Sourcegroup server NAT clarification

I have seen cases where it works and where it doesn't work.

Honestly I don't know what should be the right behavior.

So, I would suggest to give it a try.

Gilles.

116
Views
0
Helpful
1
Replies