
CSS - ACL vs SourceGroup (Destination Service)

andrew.thomson
Level 1

We have a one-armed CSS configuration that needs to do source NAT for simple Content Rule to backend server balancing.

So we have configured services, included those services in a content rule and configured a group with the services as destination services.

This works fine until we want to add a new service. When we add the service to the content rule, it also needs to be added to a group. However, to add a destination service to a group you have to suspend the group (also for the remove). We think this leads to potential disruption of service. Is that correct?

So would a better way be to configure the group with a VIP but no destination services and rely on an ACL clause to "permit" traffic to the content rule with the source group specified?

Am I right in thinking I can now add and remove services from the rule without having to do anything else and therefore preserve connectivity for all existing connections?

What are the likely pitfalls, if any?

1 Reply

Gilles Dufour
Cisco Employee

You are 100% correct here and I like your idea of the ACL to solve the problem.

I can't think of any issue doing this.

Gilles.
