Doing Source IP address NAT. Using 1 address vs using many

sheidelbach
Level 1

I have a few implementations where I am using source groups to do NAT on the client's source IP address. It is possible to always translate the source IP address to the same one, or to have it be different depending on the content rule you hit.

Is there any advantage of one over the other?

3 Replies

evanchen
Level 1

The CSS can only do PAT, not NAT. You can configure at most 255 content rules, so you can only use 255 IP addresses to translate to.

So I think if you can use more IP addresses to be translated to, that will be better.

Thanks for the thoughts. I am aware of the content rule limitation, and actually, (depending on your definition of PAT vs NAT) the CSS can do NAT of the source IP address using source groups and an ACL. It can translate the source IP address of an incoming packet from a client into a different IP address. You don't really have a pool of addresses like you do on a Cisco router, you can specify a single IP address to translate the source address to, or different ones depending on the content rule you hit, so it is kind of like NATing with overload on a router. I am doing it now.

The basic steps for doing NAT on the source (i.e. the client's) IP address are:

  group [groupx]
    ip address [source address you want to change client IP to]
    active

  acl 1
    clause 10 permit any any destination [VIP of content rule] sourcegroup [groupx]
    apply circuit-(VLANx)

If the inbound packet on VLANx matches all the criteria in the clause statement, the "sourcegroup" part of the clause statement links you to the ip address that you want to NAT your client's source address to.

You can build on this and make it as fancy as you like, even translating the source address to different addresses depending on the content rule you hit. I'm just wondering if there is an advantage of using many different IP addresses over using just one.

One advantage - The number of active source ports for a single IP is roughly 64000 ports. A large client pool may be split into two pools to divide the load among 2 source IPs thus doubling the available source ports.
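To make the two points in this thread concrete, here is a small model of the source-group translation (added here as an illustration; it is not CSS code and not from any poster). It models an ACL clause as "destination VIP -> source group" exactly as in the config above, hands out one translated source port per client flow, and counts how many flows fit before a NAT address runs out of ports, first with one source group and then with two. The 192.0.2.x / 198.51.100.x addresses and the 1024-65535 port range are constructed assumptions chosen to match the "roughly 64000 ports" figure.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed translated-port range per NAT address (constructed; about 64000 ports).
PORT_MIN, PORT_MAX = 1024, 65535


@dataclass
class SourceGroup:
    """A CSS-style source group: the address the client's source IP is rewritten to."""
    name: str
    nat_ip: str
    next_port: int = PORT_MIN

    def allocate_port(self) -> Optional[int]:
        """Hand out the next free translated port, or None once this IP is exhausted."""
        if self.next_port > PORT_MAX:
            return None
        port, self.next_port = self.next_port, self.next_port + 1
        return port


class SourceNat:
    """clauses model 'permit any any destination <VIP> sourcegroup <group>' entries."""

    def __init__(self, groups: List[SourceGroup], clauses: List[Tuple[str, str]]):
        self.groups: Dict[str, SourceGroup] = {g.name: g for g in groups}
        self.clauses = clauses  # (destination VIP, source group name), in order
        self.table: Dict[Tuple[str, int, str], Tuple[str, int]] = {}

    def translate(self, client_ip: str, client_port: int, dest_ip: str):
        """(nat_ip, nat_port) for a client flow; None if the matching group has no ports."""
        for vip, group_name in self.clauses:
            if vip == dest_ip:  # first matching clause wins
                port = self.groups[group_name].allocate_port()
                if port is None:
                    return None  # translated ports on that NAT address are exhausted
                nat = (self.groups[group_name].nat_ip, port)
                self.table[(client_ip, client_port, dest_ip)] = nat
                return nat
        return (client_ip, client_port)  # no clause matched: packet left untranslated


def flows_until_exhausted(nat: SourceNat, vips: List[str]) -> int:
    """Count client flows, spread evenly over the given VIPs, until a translation fails."""
    count = 0
    while True:  # constructed client addresses, one new client per flow
        client = f"10.{(count >> 16) & 255}.{(count >> 8) & 255}.{count & 255}"
        if nat.translate(client, 50000, vips[count % len(vips)]) is None:
            return count
        count += 1
```

With one group behind VIP 198.51.100.1 the count stops at 64512 flows; with a second content rule (VIP 198.51.100.2) linked to its own source group the count doubles to 129024, which is the "divide the load among 2 source IPs" effect described in the last reply.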
