Re: SNAT on ACE 4700 in bridging mode

hermanaccd · ‎05-15-2008

Hi,

I would like to implement Source-NAT for some traffic, but not all traffic for the ACE 4700. The ACE 4700 will be configured as a bridge.

Can I configure Source-NAT using an extended access-list when the ACE 4700 is used as a bridge? I need Source-NAT for servers that need to access the VIPs on the ACE. All VIPs and real servers are on the same IP subnet. I was going to configure the ACE as a bridge so that IP addresses don't have to change.

Let me know how Source-NAT will work in this bridging scenario. If not, what examples or options do I have?

Thank you.

Gilles Dufour · ‎05-15-2008

traffic that is bridged through ACE can't be src nated.

But traffic terminating on the ACE blade or routed can be source nated.

In your case, since you hit a vip, the traffic "terminates" on ACE and it will be source nated.

Gilles.

hermanaccd · ‎05-15-2008

Thanks, Gilles!

So, does it mean I can just use a standard access-list to identify traffic for Source-NAT? Meaning, I can just Source-NAT based on source IP addresses instead of using an extended access-list to specify both source address and destination VIP?

Gilles Dufour · ‎05-15-2008

a simple ACL should work.

Gilles.

hermanaccd · ‎05-15-2008

Thanks, Gilles.

One more thing - for the Nat pool, do I associate it with the Client-Side VLAN or the Server-Side VLAN?

As for the Service-Policy for NAT, should I associate it with the Client-Side VLAN or the Server-Side VLAN?