ACE Mod Source NAT

mj11
Level 3

Hi All

I currently have a requirement to run an ACE context in a bridged mode which has groups of servers that need to be source NAT'd to single addresses for outbound connections to a single internet host. Connections are sourced on the 'server side' ACE interface and egress on the 'client side' interface. The problem I have is that the ACE is bridging between two VLANs and it does not seem to be working. Is this a supported configuration?

access-list NAT1-ACL line 2 extended permit ip host x.x.x.x host y.y.y.y

class-map NAT1-CLASS
  match access-list NAT1-ACL

policy-map multi-match NAT1-POLICY
  class NAT1-CLASS
    nat dynamic 1 vlan 42

interface vlan 43
  description "Server Side"
  service-policy input NAT1-POLICY

interface vlan 42
  description "Client Side"
  nat-pool 1 x.x.x.x netmask 255.255.255.255 pat

Regards MJ

1 Reply

Daniel Arrondo Ostiz
Cisco Employee

Hi MJ

Unfortunately, source NAT for non-load-balanced connections is not supported in bridged mode, so your configuration will not work. Instead, you can use a configuration similar to the one below:

rserver host GATEWAY
  ip address X.X.X.X <--- IP address of the default gateway of the ACE in the client vlan
  inservice
!
serverfarm host GATEWAY_FARM
  transparent
  rserver GATEWAY
    inservice
!
class-map match-any ServerSideVip
  2 match virtual-address 0.0.0.0 0.0.0.0 any
!
policy-map type loadbalance first-match ForwardOnly
  match class class-default
    serverfarm GATEWAY_FARM
!

access-list NAT1-ACL line 2 extended permit ip host x.x.x.x host y.y.y.y
class-map match-all SNAT-server-originated
  2 match access-list NAT1-ACL
policy-map multi-match ServerSidePolicy
  class ServerSideVip
    loadbalance vip inservice
    loadbalance policy ForwardOnly
  class SNAT-server-originated
    nat dynamic 1 vlan 42
!
interface vlan 43
  description "Server Side"
  service-policy input ServerSidePolicy
!
interface vlan 42
  description "Client Side"
  nat-pool 1 x.x.x.x netmask 255.255.255.255 pat

Please, don't hesitate to contact me again if you want further clarification on any of the parts of this configuration

Best regards

Daniel
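
An added example, not part of the original thread and not Cisco tooling: a small Python check for the condition the reply describes, flagging any multi-match policy that applies `nat dynamic` without a `loadbalance vip inservice` class alongside it. It assumes the context is bridged (the configuration on this page does not show that part) and that the input is indented like a running-config; `parse_multi_match` and `snat_without_vip` are hypothetical names.

```python
import re

# Constructed samples: the multi-match policies from the question and from the reply.
QUESTION_CFG = """\
policy-map multi-match NAT1-POLICY
  class NAT1-CLASS
    nat dynamic 1 vlan 42
"""
REPLY_CFG = """\
policy-map type loadbalance first-match ForwardOnly
  match class class-default
    serverfarm GATEWAY_FARM
policy-map multi-match ServerSidePolicy
  class ServerSideVip
    loadbalance vip inservice
    loadbalance policy ForwardOnly
  class SNAT-server-originated
    nat dynamic 1 vlan 42
"""

def parse_multi_match(config):
    """Return {policy: {class: [actions]}} for every multi-match policy map."""
    policies, policy, actions = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                          # blank line or "!" separator
        if not raw[0].isspace():              # top-level command starts a new block
            m = re.match(r"policy-map\s+multi-match\s+(\S+)$", line)
            policy = policies.setdefault(m.group(1), {}) if m else None
            actions = None
        elif policy is not None:
            m = re.match(r"class\s+(\S+)$", line)
            if m:
                actions = policy.setdefault(m.group(1), [])
            elif actions is not None:
                actions.append(line)
    return policies

def snat_without_vip(config):
    """Names of multi-match policies that NAT but have no load-balanced VIP class."""
    flagged = []
    for name, classes in parse_multi_match(config).items():
        acts = [a for class_actions in classes.values() for a in class_actions]
        nats = any(a.startswith("nat dynamic ") for a in acts)
        vip = "loadbalance vip inservice" in acts
        if nats and not vip:
            flagged.append(name)
    return flagged
```

Run against the two samples, `snat_without_vip` returns `['NAT1-POLICY']` for the question's policy and an empty list for the reply's.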
