Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
673
Views
0
Helpful
3
Replies

CSS11501 Group VIP usage

wong.kenneth
Level 1
Level 1

‎08-15-2004 06:38 AM

I'm using this command in order have to have VIP source ip address.

However, I am confused with the "add service" and "add destination service" under this group command. Reading the documentation adds to the confusion.

How do we use these commands? I want to NAT all source servers which I presume uses "add service"? What does "add destination service" do compared to "add service" ?

Labels:
0 Helpful
3 Replies 3

sagdas
Level 1
Level 1

‎08-16-2004 03:45 AM

Hey Wong,

The 'add destination service' command is used to NAT the soure ip of the users who are coming in and accessing the web servers. The CSS will NAT the source ip to the ip which is specified in the group. This type of configuration is usually used in case of a flat network. This makes sure that the web servers will reply back to the CSS instaed of bypassing it.

The 'add service' command is used when the servers are initiating a connection to the outside of the CSS. This command will NAT the source ip of the packets which go out. The users or the client(outside) cannot see the ip of the server in this case. Thay will see the ip which is specified in the group.

Here is a link which can help you.

http://www.cisco.com/en/US/partner/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml

Let me know if this helps.

Regards,

Sagar

0 Helpful

wong.kenneth
Level 1
Level 1
In response to sagdas

‎08-17-2004 03:53 AM

Hi Sagar,

thanks for the reply. I am using a one-armed configuration but via two Ethernet ports (same vlan) for in/out traffic on the CSS.

I noticed CSS redirects the traffic to serves using the original source IP but with CSS MAC address.

Wouldn't the server reply to the original source IP via CSS MAC?

How about if I change the server default gateway to CSS instead?

thanks&regards

0 Helpful

sagdas
Level 1
Level 1
In response to wong.kenneth

‎08-17-2004 04:04 AM

Hey Wong,

The CSS will NAT the source ip of the clients if you use the add destination service command in the group.

The default gateway should be the circuit ip of the CSS.

Try the group and check. You can see the flows on the CSS.

Regards,

Sagar

0 Helpful
Customers Also Viewed These Support Documents