Hello,

I have 1 VLAN (VLAN 10) with all my VIPs, and 4 VLANs (VLAN 11,12,13,14) with my real servers.

All my servers can start sessions, but I want them to be source natted to their VIP addresses.

I assume that I will get something like this:

access-list SNAT-acl line 8 extended permit ip any any

class-map SNAT-cm

match access-list SNAT-acl

policy-map multi-match SNAT-1-pm

class-map SNAT-cm

nat dynamic 1 vlan 10

policy-map multi-match SNAT-2-pm

class-map SNAT-cm

nat dynamic 2 vlan 10

policy-map multi-match SNAT-3-pm

class-map SNAT-cm

nat dynamic 3 vlan 10

policy-map multi-match SNAT-4-pm

class-map SNAT-cm

nat dynamic 4 vlan 10

int vla 11

desc server-vlan

service-policy input SNAT-1-pm

int vla 12

desc server-vlan

service-policy input SNAT-2-pm

int vla 13

desc server-vlan

service-policy input SNAT-3-pm

int vla 14

desc server-vlan

service-policy input SNAT-4-pm

int vlan 10

desc client-vlan

nat pool 1 10.11.0.1 netmask 255.255.255.255 pat

nat pool 2 10.12.0.1 netmask 255.255.255.255 pat

nat pool 3 10.13.0.1 netmask 255.255.255.255 pat

nat pool 4 10.14.0.1 netmask 255.255.255.255 pat

But this seems kind of not correct. I can't test this at the moment, so I don't know if this works or not.

Would this solution work?

Is this the best way in doing SNAT for server initiated connections?

Is there a better way for doing SNAT for server initiated connections?

Thanks in advance!