06-09-2005 02:22 PM
All,
Can anyone point me to some basic NAT setup information?
I have a pair of 11501 CSS boxes running in ASR failover mode. All is well on this front.
All I am trying to do is to allow the web servers on VLAN 2 (Private side) to be able to use http/https via PAT or NAT on VLAN 1 (Public side), so that the server admins can patch the servers at Microsoft.
I haven't been able to find any really clear documentation on how best to accomplish this.
I tried to implement some of the solutions I read in the forum, but ended up locking myself out of the box. :)
These are production boxes, so I am a little hard pressed to keep on experimenting.
Thanks in advance for any help.
06-10-2005 02:57 AM
All you need is a group with the command 'add service
Ie
group natout
vip x.x.x.x [public ip]
add service server1
add service server2
inservice
If you already use a group to do client nat with this same servers, you won't be able to configure this group.
You will need to play with ACL to tell the CSS when to use client nat and when to use the group above.
Regards,
Gilles.
06-10-2005 03:10 AM
If you need to translate the IP addresses of web-servers, you need to configure sourse groupe:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/cntlbgd/sgrp.htm
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide