cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1573
Views
0
Helpful
2
Replies

CSS 11506 nat to inside

Hello,

Is it possible that servers behind the CSS to see the source ip address of the request to that of

the CSS in the servers' LAN ?

Example: CSS is connected to the Internet with the ip address 100.100.100.100, has some

servers conencted to it and load balances the connection. The servers' LAN is 192.168.1.0/24 and

the CSS has the 192.168.1.1.

When a connection arrives from 200.200.200.200, from the Internet, I would like the CSS to replace

200.200.200.200 with 192.168.1.1 when it sends the request to a server.

If you need more clarifications, please tell me.

Thank you,

Constantin Blanariu

1 Accepted Solution

Accepted Solutions

UHansen1976
Level 1
Level 1

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

View solution in original post

2 Replies 2

UHansen1976
Level 1
Level 1

Hi Constantin,

Admitted, I'm not the leading expert on CSS. But I think a source-group configuration would work for you (it did for me).

A source-group is a collection of services, to which incoming traffic will be NAT'ed to a different address. An example could look like the following:

service websrv1

  ip address 192.168.1.10

  keepalive frequency 60
  redundant-index 10
  keepalive type http
  active

service websrv2

  ip address 192.168.1.11

  keepalive  frequency 60
   redundant-index 11
   keepalive type http
   active

And all you need to do is to create a source-group and define the services, to which you want to NAT incoming traffic:

group websrv-clientnat

  add destination websrv1

  add destination websrv2

  vip address 192.168.1.7

  active

This should do the trick. I'm not sure that you can actually define the CSS-address as the VIP in your group-definition, so you might want to select another address.

hth

/Ulrich

Thank you, Ulrich!

group did the trick!

Constantin

Review Cisco Networking for a $25 gift card