Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

using nql...

Hi,

I have to configure two CSS11503 to forward the connection request from two servers to CPEs. The problem is that the CPEs are in various subnets.

Now, I think that I can't use the service and the group command but the nql command.

Could anyone tell me if that it's correct? If not, how can I configure that?

Thank you very much.

Best regards.

G.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: using nql...

you can use group and service but in this case the CSS will nat all traffic from the services, not just the traffic sent to the CPE.

If you want to limit nating to some destination only, you need to use acl.

NQL are not really necessary.

An ACL to achieve what you need will look like this :

acl 1

clause 10 permit any destination sourcegroup

clause 99 permit any any destination any

apply VLAN...

Match the source and destination for which you need nating and insert as many clauses as necessary.

Gilles.

1 REPLY
Cisco Employee

Re: using nql...

you can use group and service but in this case the CSS will nat all traffic from the services, not just the traffic sent to the CPE.

If you want to limit nating to some destination only, you need to use acl.

NQL are not really necessary.

An ACL to achieve what you need will look like this :

acl 1

clause 10 permit any destination sourcegroup

clause 99 permit any any destination any

apply VLAN...

Match the source and destination for which you need nating and insert as many clauses as necessary.

Gilles.

135
Views
0
Helpful
1
Replies
CreatePlease to create content