question about dynamic nat on ACE

nygenxny123
Level 1

Per documentation and training, I have always seen NAT applied using an access-list to define traffic, class and policy maps, then applied to an interface.

However, I ran across this configuration and am wondering what exactly it is doing. It seems overly simplified.


I will post the only mention of NAT in the config

class-map match-all CUSOMERC-VIP
  2 match virtual-address 172.20.200.33 tcp eq www

policy-map multi-match VIPs
  class CUSOMERC-VIP
    loadbalance vip inservice
    loadbalance policy CUSOMERC-POLICY-L7
    loadbalance vip icmp-reply active
    nat dynamic 722 vlan 722

interface vlan 120
  ip address 10.11.20.8 255.255.255.0
  peer ip address 10.11.20.9 255.255.255.0
  no normalization
  no icmp-guard
  access-group input any
  nat-pool 120 10.11.20.30 10.11.20.30 netmask 255.255.252.0 pat
  service-policy input ALLOW_ICMP_POLICY

interface vlan 722
  ip address 172.20.200.4 255.255.255.0
  alias 172.20.200.10 255.255.255.0
  peer ip address 172.20.200.5 255.255.255.0
  no normalization
  access-group input any
  nat-pool 722 172.20.200.20 172.20.200.20 netmask 255.255.255.0 pat
  service-policy input VIPs
  service-policy input ALLOW_ICMP_POLICY
  no shutdown

Could this be considered a proper configuration? I don't even see global service policies which reference NAT.

When I hit the VIP of CUSOMERC-VIP, it does not appear that I am being translated, but it does show a connection.

apptier# sh xlate
apptier# sh conn | inc 172.20.200.33
1624825    1  in  TCP   722  172.20.34.70:3481     172.20.200.33:80      ESTAB

1 Accepted Solution