Cisco CSS address translation

The Cisco CSS offers 2 address translation methods ; source groups and destination groups.

Source Group

When a connection is initiated outbound through the Cisco CSS (from any of the group services) the source IP is translated to the groups VIP address.
Source group servers are defined using the add service [service name] command.

Example : When SERVER-A initiates a connection outbound through the CSS, traffic will be source NAT`d behind address 10.1.1.100.

group SOURCE-GROUP
  vip address 10.1.1.100
  add service SERVER-A
  add service SERVER-B
  active

Destination Group

When connection is initiated to the groups defined VIP, traffic distributed to any of the servers that are configured within the group is proxied behind the VIP.
Destination groups are typically used when internal load balancing is required.
Destination group servers are defined using the add destination service [service name] command.

Example : When the client initiates a connection to group VIP (10.1.1.100) (that is destined for either SERVER-A or SERVER-B) traffic is proxied behind the subsequent VIP (10.1.1.100). Return traffic is then routed back through the CSS and balanced as per the configured content rule.

group DEST-GROUP
  vip address 10.1.1.100
  add destination service SERVER-A
  add destination service SERVER-B
  active

Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial