Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
418
Views
0
Helpful
1
Replies

Using source group criteria

y.lo
Level 1
Level 1

‎05-30-2012 02:39 AM

I got below configurations.

!************************** SERVICE **************************

service server1

  protocol udp

  port 22015

  ip address 172.20.117.71

  active

!*************************** OWNER ***************************

owner com

  content rule1

    add service server1

    vip address 192.168.1.10

    protocol udp

    port 464

    active

!*************************** GROUP ***************************

group NAT

  vip address 192.168.1.10

  add service server1

  active

When the server1 initiates outgoing telnet traffic (port 23), the CSS translates the source IP to IP address 192.168.1.10. Is this behavior expected?

As port 22015 is configured under the service server1, so I expect the CSS only performs NAT if the port of the connection is 22015.

Does that mean the CSS does not care about the port of the connection when performing NAT, but only the IP address?

Labels:
0 Helpful
1 Reply 1

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

‎05-30-2012 05:30 AM

Hi

Yes, this is the expected behavior. The port is not taken into account for outbound connections. The main reason for that is that, the port defined under the service or the content rule is the port on which the server is listening, but this port will never be used for outbound connections

Regards

Daniel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents