Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Using source group criteria

I got below configurations.

!************************** SERVICE **************************

service server1

  protocol udp

  port 22015

  ip address 172.20.117.71

  active

!*************************** OWNER ***************************

owner com

  content rule1

    add service server1

    vip address 192.168.1.10

    protocol udp

    port 464

    active

!*************************** GROUP ***************************

group NAT

  vip address 192.168.1.10

  add service server1

  active

When the server1 initiates outgoing telnet traffic (port 23), the CSS translates the source IP to IP address 192.168.1.10. Is this behavior expected?

As port 22015 is configured under the service server1, so I expect the CSS only performs NAT if the port of the connection is 22015.

Does that mean the CSS does not care about the port of the connection when performing NAT, but only the IP address?

Everyone's tags (1)
1 REPLY
Cisco Employee

Using source group criteria

Hi

Yes, this is the expected behavior. The port is not taken into account for outbound connections. The main reason for that is that, the port defined under the service or the content rule is the port on which the server is listening, but this port will never be used for outbound connections

Regards

Daniel

256
Views
0
Helpful
1
Replies
CreatePlease to create content