Gilles Dufour Thu, 01/17/2008 - 05:25
User Badges:
  • Cisco Employee,


you need to perform client nat when servers try to access the vip (this is true for every loadbalancers).

in this case, create an acl to match the traffic from the real servers to the vip.


class-map src-rserver

match access-list ....

Then create a natpool on the server vlan

interface vlan XXX

natpool 1 x.x.x.x .....

Then create a policy-map to link the nat-pool and the class-map

policy-map multimatch nat-rserver

class src-rserver

nat dynamic 1 vlan XXX

Finally, configure the policy-map on the server interface

interface vlan XXX

service-policy input nat-rserver


dinesh1977 Thu, 01/17/2008 - 10:19
User Badges:

Hi Gilles,

Thanks for the information .

Please find the below config

interface vlan 15

description server-side Interface

bridge-group 10

access-group input ORACLE-ACCESS

access-group output ORACLE-ACCESS

no shutdown


class-map match-all ORACLE

2 match virtual-address tcp eq www

should i configure natpool on vlan 15 ?

What will be the IP address ? ( natpool 1 X.X.X.X) . could you please clarify this also ?

Thanks in advance

-- Dinesh

IAN PERRY Mon, 02/23/2009 - 02:34
User Badges:


Yes, the natpool should be configured on VLAN 15, and the IP address should be a valid and available one on the same subnet as BVI 10.

Hope this helps,


dinesh1977 Fri, 01/18/2008 - 01:42
User Badges:

Hi Gilles ,

We have configured bridge group in ACE ..

Both client side and server side vlan are in same segments . In that case how to achieve this ?




This Discussion