topic NAT on a css using VIP/Interface redundancy in Application Networking https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354168#M5941 <P>I have two css-11151's set up using VIP and</P><P>interface redundancy in an active/backup</P><P>configuration. We are using source groups</P><P>to NAT all outgoing connections to a single</P><P>ip. Config looks like this:</P><P></P><P>Primary css:</P><P></P><P>group nat-clients</P><P> vip address 192.168.1.10</P><P> active</P><P></P><P>clause 50 permit any 192.168.100.0 255.255.255.0 destination any sourcegroup nat-clients</P><P></P><P></P><P>Secondary css:</P><P></P><P>group nat-clients</P><P> vip address 192.168.1.10</P><P> active</P><P></P><P>clause 50 permit any 192.168.100.0 255.255.255.0 destination any sourcegroup nat-clients</P><P></P><P>My question is, is there a way to make</P><P>the source groups redundant? I am not</P><P>allowed to unless there is a content</P><P>rule associated with the ip used in the</P><P>source group. Doing a "sh group" on each</P><P>css shows that both groups are active/not</P><P>redundant. On occasion I will see duplicate</P><P>ip address messages in the logs but NAT works regardless.</P><P></P><P>Thanks </P><P>-Dan</P> Thu, 06 Jan 2005 16:29:24 GMT dbjelf 2005-01-06T16:29:24Z NAT on a css using VIP/Interface redundancy https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354168#M5941 <P>I have two css-11151's set up using VIP and</P><P>interface redundancy in an active/backup</P><P>configuration. We are using source groups</P><P>to NAT all outgoing connections to a single</P><P>ip. Config looks like this:</P><P></P><P>Primary css:</P><P></P><P>group nat-clients</P><P> vip address 192.168.1.10</P><P> active</P><P></P><P>clause 50 permit any 192.168.100.0 255.255.255.0 destination any sourcegroup nat-clients</P><P></P><P></P><P>Secondary css:</P><P></P><P>group nat-clients</P><P> vip address 192.168.1.10</P><P> active</P><P></P><P>clause 50 permit any 192.168.100.0 255.255.255.0 destination any sourcegroup nat-clients</P><P></P><P>My question is, is there a way to make</P><P>the source groups redundant? I am not</P><P>allowed to unless there is a content</P><P>rule associated with the ip used in the</P><P>source group. Doing a "sh group" on each</P><P>css shows that both groups are active/not</P><P>redundant. On occasion I will see duplicate</P><P>ip address messages in the logs but NAT works regardless.</P><P></P><P>Thanks </P><P>-Dan</P> Thu, 06 Jan 2005 16:29:24 GMT https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354168#M5941 dbjelf 2005-01-06T16:29:24Z Re: NAT on a css using VIP/Interface redundancy https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354169#M5942 <HTML><HEAD></HEAD><BODY><P>Dan,</P><P></P><P>I believe you can.</P><P>Just configure an 'ip redudant-vip XX 192.168.1.10' under the appropriate circuit.</P><P></P><P>Let me know if that does not work.</P><P></P><P>Regards,</P><P></P><P>Gilles.</P></BODY></HTML> Fri, 07 Jan 2005 14:11:23 GMT https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354169#M5942 Gilles Dufour 2005-01-07T14:11:23Z Re: NAT on a css using VIP/Interface redundancy https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354170#M5943 <HTML><HEAD></HEAD><BODY><P>Hi Gilles, when I do 'ip redudant-vip XX 192.168.1.10' I get this:</P><P></P><P>%% Could not find content rule for specified VIP address.</P><P></P><P>-Dan</P></BODY></HTML> Fri, 07 Jan 2005 14:19:09 GMT https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354170#M5943 dbjelf 2005-01-07T14:19:09Z Re: NAT on a css using VIP/Interface redundancy https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354171#M5944 <HTML><HEAD></HEAD><BODY><P>Hi Dan,</P><P></P><P>What version of WebNS are you running? This looks like bug id CSCdz49395. I was able to ge this working on 7.10 b305:</P><P></P><P>CSS11506# sh run</P><P>!Generated on 01/07/2005 08:27:39</P><P>!Active version: sg0710305</P><P></P><P>configure</P><P></P><P></P><P>!************************** CIRCUIT **************************</P><P>circuit VLAN1</P><P></P><P> ip address 1.1.1.2 255.255.255.0 </P><P> ip virtual-router 1 </P><P> ip redundant-vip 1 1.1.1.1 </P><P></P><P>!*************************** GROUP ***************************</P><P>group TEST </P><P> vip address 1.1.1.1 </P><P></P><P>CSS11506# </P><P></P><P>~Zach</P></BODY></HTML> Fri, 07 Jan 2005 15:31:38 GMT https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354171#M5944 seilsz 2005-01-07T15:31:38Z Re: NAT on a css using VIP/Interface redundancy https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354172#M5945 <HTML><HEAD></HEAD><BODY><P>Ooh thanks Zach. That looks like my problem.</P><P></P><P>-Dan</P></BODY></HTML> Fri, 07 Jan 2005 21:41:46 GMT https://community.cisco.com/t5/application-networking/nat-on-a-css-using-vip-interface-redundancy/m-p/354172#M5945 dbjelf 2005-01-07T21:41:46Z