Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2357
Views
0
Helpful
3
Replies

ACE NAT Pool on different Network.

geraldjacksontx
Level 1
Level 1

‎11-28-2012 10:49 AM

Can the Nat Pool be on a different network that the load balanced vip?  My current design uses nat pool on the same network, but the archatect wants the NATs on seperate VLAN.

I will be developing on ACE MOD20, but the final configuration will be on 4710.

Labels:
0 Helpful
3 Replies 3

chrhiggi
Level 3
Level 3

‎11-28-2012 10:53 AM

Sure can, however,the point of source NAT is generally that the source IP should be L2 adjacent to the server.  If the source IP is not, then you have to have a static route in your server or somewhere in the network to ensure the traffic makes it back into the same interface vlan on ACE. In that case... you might as well not use nat and put routes on the server for the client subnets.

Regards,

Chris Higgins

0 Helpful

geraldjacksontx
Level 1
Level 1
In response to chrhiggi

‎11-29-2012 04:41 AM

I am using Load Balancer on a stick.  So I can create a VIP or class map on one subnet (SVI) and NAT Pool on another (SVI) or do I need 2 SVI.  I currently do it under a single network on (SVI).

Can you send me an example?

I need the VIP/class map to not be L2 adjacent.  I will not own the routing.  It will be done by another contractror.  But if I I use a second Network for NAT Pool then the routing, with default routing on the servers should work.

0 Helpful

chrhiggi
Level 3
Level 3
In response to geraldjacksontx

‎11-29-2012 10:30 AM

Cecil-

rserver host Esc1

  ip address 172.16.36.132

  inservice

serverfarm host HTTP

  rserver Esc1

    inservice

class-map match-all 172.16.36.13-80-VIP

  2 match virtual-address 172.16.36.13 tcp eq www

policy-map type loadbalance first-match 172.16.36.13-80-PMAPLB

  class class-default

    serverfarm HTTP

policy-map multi-match GLOBAL-PMAPVIP

  class 172.16.36.13-80-VIP

    loadbalance vip inservice

    loadbalance policy 172.16.36.13-80-PMAPLB

    nat dynamic 1 vlan 190

interface vlan 190

  ip address 172.16.36.12 255.255.255.192

  access-group input test

  nat-pool 1 192.168.1.1 192.168.1.1 netmask 255.255.255.0 pat

  service-policy input GLOBAL-PMAPVIP

  no shutdown

For this sample, the source ip of the traffic as it left the ACE would be 192.168.1.1, off subnet of vlan 190 as you are requesting.  As well, the server in the example is not L2 adjacent to vlan 190, but it could be either way.

Regards,

Chris

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card