Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
4
Replies

Cisco Css 11501 and Nat

n.calabria
Level 1
Level 1

‎02-06-2013 03:13 AM - edited ‎03-07-2019 11:32 AM

Hello Everybody,

I have an issue with the device in subject.

I need that some server, listed as service on CSS, can contact a content VIP on the same subnet......To allow that traffic I configured grouping on CSS (group 1) with vip address and an ACL that allow traffic from subnet 10.1.1.0/24 toward same subnet 10.1.1.0/24 and I have bound this ACL with sourcegroup  1.

The nat and portmap works but never at first attempt, instead since second attemps it works......Seem like a CSS require to much time to create nat entry, have you advice for me ??  Someone has experienced the same issue ??

Tnx

Labels:
0 Helpful
4 Replies 4

stephen.stack
Level 4
Level 4

‎02-06-2013 05:45 AM

Please post your configuration. Sounds like a SNAT issue.

Regards

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
0 Helpful

n.calabria
Level 1
Level 1
In response to stephen.stack

‎02-06-2013 07:06 AM

Hi Stephen,

below the configuration :

circuit VLAN905                             (vlan Server)

ip address 10.1.1.132

ip virtual-router 2 preempt

ip redundant-interface 10.1.1.129

group 1

flow-timeout-multiplier 38

vip address 10.1.1.142

active

acl 10

  clause 20 permit any any destination any

  clause 1 permit any 10.1.1.128 255.255.255.192 destination  10.1.1.128   255.255.255.192 sourcegroup 1

  apply circuit-(VLAN905)

This is the content where server with ip address 10.1.1.1.x  attempt the connection :

  content EIMMWBV1-80

    add service MWB01  (10.1.1.137)

    add service MWB02   (10.1.1.139)

    add service MWB03    (10.1.1.150)

    add service MWB04   

    vip address 10.1.1.145

    port 80

    protocol tcp

0 Helpful

stephen.stack
Level 4
Level 4
In response to n.calabria

‎02-06-2013 07:29 AM

I think it may be an ARP issue. If the hosts trying to reach the NAT'd address of 10.1.1.142 dont have an arp entry of it, tehy will arp out for it, and this is the delay i think. Next time check your arp tables before you try to connect and see if you hosts have an ARP entry for it. Try to connect and check again

Regards

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
0 Helpful

n.calabria
Level 1
Level 1
In response to stephen.stack

‎02-08-2013 03:20 AM

Hi Stepen,

I thought so, already I checked on destination server if it had an arp entry for VIP address and also when it has an ARPentry for group VIP address( Group Vip address has mac-address of CSS interface dedicated to Vlan 905) the first attempt fails.

0 Helpful
Customers Also Viewed These Support Documents