Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
0
Helpful
1
Replies

Use of content rule vs source group for NATing

soumya.sarkar
Level 1
Level 1

‎05-30-2007 02:24 PM

To NAT outgoing flows out of two servers, is it necessary to define a content rule and source group (or is just a source group sufficient?).

Having trouble with Option 2.

Option 1:

service svr1

ip address 192.168.10.1

no port

protocol tcp

active

Also does CSS do NAPT i.e. alter the source port number for outgoing packets from source groups?

service svr2

ip address 192.168.10.2

no port

protocol tcp

active

content outflows

protocol tcp

add service svr1

add service svr2

vip address <externalip>

active

group outgrp

vip address <external ip>

add service svr1

add service svr2

active

<add appropriate acl>

Option 2:

service svr1

ip address 192.168.10.1

no port

protocol tcp

active

service svr2

ip address 192.168.10.2

no port

protocol tcp

active

group outgrp

vip address <external ip>

add service svr1

add service svr2

active

<add appropriate acl>

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-30-2007 11:35 PM

to nat connections initiated by the server, you only need a source group.

No need for a content rule.

The CSS will port nat.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card