09-17-2006 10:38 PM
Hi,
Network is below:
fw1
|
css
|
|---fw2-----monitor server
|-------server
The monitor server needs to monitor the interface of fw1 that connects to the CSS. That fw1 interface has a public IP address; however, the monitor server can only access/monitor private addresses. So the CSS needs to NAT fw1's public address to a private address on the server side.
Is it possible to do that? If so, can you provide sample configs? I am thinking of using an ACL or a group, but I am not sure which is the answer.
Thanks.
Jianwen
09-18-2006 03:51 AM
If the connection is opened by the monitor server, what you will need to do is create a content rule that will represent the FW.
Use a local IP for the content rule and then create a service with the firewall's public IP.
Add this service to the content rule and "voila", your monitor server can use the local IP to reach the firewall.
If this is UDP monitoring, you may also need a group for the other way.
Create a group with the same vip as the content rule and use the command 'add service
Gilles.
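A sketch of the content rule and service described in the answer above, in CSS (WebNS) configuration syntax. This is an added example, not a configuration posted in the thread; the service, owner and content rule names and both addresses (192.0.2.10 standing in for fw1's public interface, 10.1.1.50 for the private VIP) are assumptions, and the group for UDP monitoring is not shown.

```text
!************************** SERVICE **************************
! Represents fw1's CSS-facing interface (assumed public address).
service fw1-outside
  ip address 192.0.2.10
  keepalive type icmp
  active

!*************************** OWNER ***************************
! The content rule carries only a VIP, with no protocol or port,
! so it matches any traffic the monitor server sends to the
! private VIP and forwards it to the service above.
owner monitoring
  content fw1-outside-vip
    vip address 10.1.1.50
    add service fw1-outside
    active
```

The monitor server then polls 10.1.1.50 instead of the public address. Because the rule has no protocol or port restriction, the VIP should be reachable only from the monitor server's segment (for example through the fw2 policy), so it does not become a general path from the server side to fw1.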