Re: SOURCEGROUP KEYWORD AND FTP SERVERS

martin-perez · ‎07-21-2004

Hi :

I have problems with a couple of FTP servers balanced with a CSS11555.

As we know, we have to define a GROUP for these two services in order to the data connection works.

I´m using the same services in the group that I configure on the content rule.

The problem is that this group affects all outbound traffic from this servers (i.e. FTP or DNS traffic to an outside server).

Does anyone knows how "SOURCEGROUP" keyword works on an ACL or how can i solve this problem ?

Regards

Martín

thamdani · ‎07-21-2004

Martin,

You need to configure the source group with VIP address only [without any service] and use the ACL with source group to NAT the source depending on your prefrence.

ACL example

clause number permit protocol [source_info {source_port}]

dest [dest_info {dest_port}] {sourcegroup name_of_group}

Here is the link which will help to config ACL.

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_720/bsccfggd/sgacleql.htm#1047423

Note:-Be careful while configuring the ACL on CSS.Bydefault there is explicit deny all as soon as you enable the ACL on CSS.

martin-perez · ‎07-21-2004

Thanks Tanveer.

I will try it ...