Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Uplink traffic portmap on client destination port

Hi,

I have a problem regarding to the CSS configuration.

In details, I have to configure the following flow on CSS:

server request --> CSS VIP:port1 --> CSS VIP: port1 --> Client:port 2.

Does anyone know how I can configure it?

Thank you.

Best regards.

Giuseppe

4 REPLIES
Cisco Employee

Re: Uplink traffic portmap on client destination port

Giuseppe,

we'll need more details.

Is the server opening a connection with any client ??? or some particular ones ???

We can only portnat if the destination is defined as a service.

Is this TCP or UDP ?

Gilles.

New Member

Re: Uplink traffic portmap on client destination port

Hi Gilles,

Thank you for the answer.

I send you more information.

The connection is HTTP, so TCP.

The flow is terminated on a network like 10.0.0.0/8.

The CSS has to know, when on port 1080 arrive a request to the VIP address from servers, forwarding it to destination network in nql (more network) at port 8081 using the same VIP as source address.

I don't know if I explain well the issue.

Let me know if you need further info.

Thanks.

Regards.

Giuseppe.

Cisco Employee

Re: Uplink traffic portmap on client destination port

reusing the vip ip address is possible.

You need to configure a group with the same vip address.

But you can't specify the source port.

Nating the destination port without nowing the exact destination in advance is not possible.

Except for HTTP.

We can intercept the http request to port 1080 and send an HTTP redirect to the server with a different destination port.

The server will see the new port.

This is not transparent.

Gilles.

New Member

Re: Uplink traffic portmap on client destination port

Hi Gilles,

thank you for your advice.

I just have a group configured for the natting through VIP address.

I thing the same thing but I don't know how to translate that in commands. For HTTP redirect I must configure external networks as services. Is it correct?

Thank you in advance.

Regards.

Giuseppe

135
Views
0
Helpful
4
Replies