02-03-2008 01:55 PM
Trying to implement Source NAT for VLAN 400 (subnet 10.1.4.x/24), which contains both the servers and the VIPs.
Servers - Default gateway is the VLAN 400 interface on the 6500 (which populates the ACE module inside) and not the VLAN 400 interface on the ACE module (tried using the ACE interface, but it doesn't work).
ACL - Configured for server to VIP connectivity
Class Map - Configured to match ACL
Policy Map
Matching class map and Nat dynamic statement
Service policy for the above configured policy map.
Nat pool <ip similar to the 10.1.4.x subnet> on the vlan interface.
Test Results:-
Connection attempted from server 10.1.4.218 to VIP 10.1.4.172. I could see the connection coming in for the VIP from the server to the VIP, but don't see a connection going out. I am sure the server is trying to return the packet to the VIP, searching it locally rather than reaching the ACE. Am I missing something here?
02-04-2008 02:45 AM
Could you please send the config? Remember that the nat-pool has to reside on the outgoing interface of the ACE (if you have 2 interfaces on the ACE). Not sure about which topology you're talking about.
pascal
02-04-2008 06:08 AM
Send us the config and a sniffer trace.
Also get a 'show conn detail' and 'show service-policy detail' just after opening a connection from the server.
Gilles.
02-04-2008 09:51 AM
02-04-2008 10:13 AM
I do not think your natting works.
The nat-pool on vlan 400, which is the server vlan, has nat-pool id 40, not 100 as you have configured in the nat policy.

policy-map multi-match nat
  class nat
    nat dynamic 1 vlan 700
    nat dynamic 100 vlan 400 <===
    nat dynamic 300 vlan 300

Gilles.
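
The pool id mismatch pointed out in the reply above can be caught mechanically before a change is pushed. The following is an added example, not part of the thread and not Cisco code: it cross-checks every `nat dynamic <id> vlan <n>` statement against the `nat-pool` ids defined under `interface vlan <n>`. The sample config is constructed; its pool addresses and the pools on vlan 300 and 700 are assumptions, and only the ids 40 and 100 on vlan 400 come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in ACE-style syntax; pool addresses are placeholders.
SAMPLE_CONFIG = """\
policy-map multi-match nat
  class nat
    nat dynamic 1 vlan 700
    nat dynamic 100 vlan 400
    nat dynamic 300 vlan 300
interface vlan 300
  nat-pool 300 10.1.3.250 10.1.3.250 netmask 255.255.255.0 pat
interface vlan 400
  nat-pool 40 10.1.4.250 10.1.4.250 netmask 255.255.255.0 pat
  service-policy input nat
interface vlan 700
  nat-pool 1 10.1.7.250 10.1.7.250 netmask 255.255.255.0 pat
"""

NAT_DYNAMIC = re.compile(r"^\s*nat dynamic (\d+) vlan (\d+)\s*$")
INTERFACE = re.compile(r"^interface vlan (\d+)\s*$")
NAT_POOL = re.compile(r"^\s+nat-pool (\d+)\s")

def parse(config):
    """Return (refs, pools): nat dynamic (pool_id, vlan) pairs and pool ids per vlan."""
    refs, pools, current_vlan = [], defaultdict(set), None
    for line in config.splitlines():
        if line and not line[0].isspace():
            # Any top-level line starts a new section; track only vlan interfaces.
            m = INTERFACE.match(line)
            current_vlan = int(m.group(1)) if m else None
            continue
        m = NAT_DYNAMIC.match(line)
        if m:
            refs.append((int(m.group(1)), int(m.group(2))))
            continue
        m = NAT_POOL.match(line)
        if m and current_vlan is not None:
            pools[current_vlan].add(int(m.group(1)))
    return refs, pools

def find_mismatches(config):
    """List nat dynamic statements whose pool id is not defined on the named vlan."""
    refs, pools = parse(config)
    return [
        {"pool_id": pid, "vlan": vlan, "pools_on_vlan": sorted(pools.get(vlan, ()))}
        for pid, vlan in refs
        if pid not in pools.get(vlan, ())
    ]

if __name__ == "__main__":
    for m in find_mismatches(SAMPLE_CONFIG):
        print(f"nat dynamic {m['pool_id']} vlan {m['vlan']}: pool not defined; "
              f"vlan {m['vlan']} defines {m['pools_on_vlan']}")
```
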
02-04-2008 10:17 AM
02-04-2008 12:00 PM
OK.
Did you verify that NATing was working?
Maybe get a sniffer trace.
Gilles.
02-04-2008 04:11 PM
With this config, it didn't work. I am going to change the gateway of the servers directly to the ACE interface rather than the VLAN interface on the MSFC to get more control on the return traffic. Hopefully it will assist me to capture packets at a granular level when compared to packets captured at the MSFC for the entire VLAN that spans across the ACE and other CSS boxes.
Thanks for your help, Gilles. I will definitely come back with more results and queries.
Raja.