NAT on a css using VIP/Interface redundancy

dbjelf · ‎01-06-2005

I have two css-11151's set up using VIP and

interface redundancy in an active/backup

configuration. We are using source groups

to NAT all outgoing connections to a single

ip. Config looks like this:

Primary css:

group nat-clients

vip address 192.168.1.10

active

clause 50 permit any 192.168.100.0 255.255.255.0 destination any sourcegroup nat-clients

Secondary css:

group nat-clients

vip address 192.168.1.10

active

clause 50 permit any 192.168.100.0 255.255.255.0 destination any sourcegroup nat-clients

My question is, is there a way to make

the source groups redundant? I am not

allowed to unless there is a content

rule associated with the ip used in the

source group. Doing a "sh group" on each

css shows that both groups are active/not

redundant. On occasion I will see duplicate

ip address messages in the logs but NAT works regardless.

Thanks

-Dan

Gilles Dufour · ‎01-07-2005

Dan,

I believe you can.

Just configure an 'ip redudant-vip XX 192.168.1.10' under the appropriate circuit.

Let me know if that does not work.

Regards,

Gilles.

dbjelf · ‎01-07-2005

Hi Gilles, when I do 'ip redudant-vip XX 192.168.1.10' I get this:

%% Could not find content rule for specified VIP address.

-Dan

seilsz · ‎01-07-2005

Hi Dan,

What version of WebNS are you running? This looks like bug id CSCdz49395. I was able to ge this working on 7.10 b305:

CSS11506# sh run

!Generated on 01/07/2005 08:27:39

!Active version: sg0710305

configure

!************************** CIRCUIT **************************

circuit VLAN1

ip address 1.1.1.2 255.255.255.0

ip virtual-router 1

ip redundant-vip 1 1.1.1.1

!*************************** GROUP ***************************

group TEST

vip address 1.1.1.1

CSS11506#

~Zach

dbjelf · ‎01-07-2005

Ooh thanks Zach. That looks like my problem.

-Dan