cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1423
Views
5
Helpful
2
Replies

ACE Module - Source NAT server initiated connections to a VIP address

cisco_moderator
Beginner
Beginner

Hi,

We need our ACE to source NAT server initiated connections to a VIP address. Our old CSM used the following command and we are looking for the equivalent ACE configuration:

static nat virtual

real <real server ip>

real <real server ip>

We have tried the following ACE configuration without success:

class-map match-any REALS

match source-address <real server ip> 255.255.255.255

match source-address <real server ip> 255.255.255.255

policy-map multi-match NAT-POLICY

class REALS

nat dynamic 1 vlan 200

interface vlan 100

description INSIDE

service-policy input NAT-POLICY

interface vlan 200

description OUTSIDE

nat-pool 1 <vip address> netmask 255.255.255.255

>>>Error: Cannot overlap vip or NAT address configured in a shared interface!

Any suggestions would be appreciated,

Thanks,

Paul

1 Accepted Solution

Accepted Solutions

jason.espino
Beginner
Beginner

Your configuration looks correct with the exception of your nat-pool statement. You have to use "pat" at the end of the nat-pool statement to allow the ACE to dynamically NAT traffic initiated from the server IPs to the VIP address.

nat-pool 1 netmask 255.255.255.255 pat

- Jason

View solution in original post

2 Replies 2

jason.espino
Beginner
Beginner

Your configuration looks correct with the exception of your nat-pool statement. You have to use "pat" at the end of the nat-pool statement to allow the ACE to dynamically NAT traffic initiated from the server IPs to the VIP address.

nat-pool 1 netmask 255.255.255.255 pat

- Jason

Cheers Jason,

I did try with the “pat” option but it still wouldn't work. I have now updated the ACE from A1(6.1) to A2(1.6) and the command is now accepted.

Thanks for your help.

Paul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers