Nat

fabrice.demierre · ‎07-29-2005

Hi,

Somebody can explain me the following line.I don't understand how I can to do that. The server 192.168.31.18 don't arrive to connect in smtp to the server 192.168.5.137.

Thanks

--------------- ----- --------------- ----- --------------- --- ------- ------

Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort

--------------- ----- --------------- ----- --------------- --- ------- ------

192.168.31.18 10749 192.168.5.137 25 192.168.31.17 TCP 1/1-56 1/1-56

Gilles Dufour · ‎07-29-2005

you're going from 31.18 to 5.137 which is loadbalanced to 31.17.

31.17 and 31.18 are in the same vlan [56] so the response from the server will go back directly to the client. [normal TCP/IP routing].

Therefore, you need to nat the client ip address on the CSS.

The command to use is

group clientnat

vip 192.168.5.137

add destination service

active

This will nat all clients traffic going to server 31.17.

If you only want this for some clients only [ie vlan56] you will need to use an acl to apply the group

ie:

group clientnat

vip x.x.x.x

active

acl 1

clause 10 permit any destination content owner/rule sourcegroup clientnat

clause 99 permit any any destination any

apply all

Thanks for rating this answer.

Gilles.