05-15-2008 05:54 AM
Hi,
I would like to implement Source-NAT for some traffic, but not all traffic for the ACE 4700. The ACE 4700 will be configured as a bridge.
Can I configure Source-NAT using an extended access-list when the ACE 4700 is used as a bridge? I need Source-NAT for servers that need to access the VIPs on the ACE. All VIPs and real servers are on the same IP subnet. I was going to configure the ACE as a bridge so that IP addresses don't have to change.
Let me know how Source-NAT will work in this bridging scenario. If not, what examples or options do I have?
Thank you.
05-15-2008 10:10 AM
Traffic that is bridged through ACE can't be source NATed.
But traffic terminating on the ACE blade or routed can be source NATed.
In your case, since you hit a VIP, the traffic "terminates" on ACE and it will be source NATed.
Gilles.
05-15-2008 10:23 AM
Thanks, Gilles!
So, does it mean I can just use a standard access-list to identify traffic for Source-NAT? Meaning, I can just Source-NAT based on source IP addresses instead of using an extended access-list to specify both source address and destination VIP?
05-15-2008 10:35 AM
A simple ACL should work.
Gilles.
05-15-2008 10:44 AM
Thanks, Gilles.
One more thing - for the NAT pool, do I associate it with the Client-Side VLAN or the Server-Side VLAN?
As for the Service-Policy for NAT, should I associate it with the Client-Side VLAN or the Server-Side VLAN?