Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Use of content rule vs source group for NATing

To NAT outgoing flows out of two servers, is it necessary to define a content rule and source group (or is just a source group sufficient?).

Having trouble with Option 2.

Option 1:

service svr1

ip address 192.168.10.1

no port

protocol tcp

active

Also does CSS do NAPT i.e. alter the source port number for outgoing packets from source groups?

service svr2

ip address 192.168.10.2

no port

protocol tcp

active

content outflows

protocol tcp

add service svr1

add service svr2

vip address <externalip>

active

group outgrp

vip address <external ip>

add service svr1

add service svr2

active

<add appropriate acl>

Option 2:

service svr1

ip address 192.168.10.1

no port

protocol tcp

active

service svr2

ip address 192.168.10.2

no port

protocol tcp

active

group outgrp

vip address <external ip>

add service svr1

add service svr2

active

<add appropriate acl>

  • Application Networking
1 REPLY
Cisco Employee

Re: Use of content rule vs source group for NATing

to nat connections initiated by the server, you only need a source group.

No need for a content rule.

The CSS will port nat.

Gilles.

122
Views
0
Helpful
1
Replies
This widget could not be displayed.