Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
3
Replies

Client NAT - ACE

aslamta123
Level 1
Level 1

‎04-10-2008 04:45 AM

Hi All,

We are trying to configure client NAT on ACE , I have tried with the following configuration.

I want to make sure the following things

1) Whether this is a right way or not or if this is possible?

2) If it is and any one is having ideas for that please do let me know so that I can send the topology diagram as well to get it understand easily.

class-map match-all CLIENT-TO-AVS-VIP

2 match virtual-address 172.16.30.110 tcp eq www

class-map match-all NAT

2 match source-address 0.0.0.0 0.0.0.0

3 match destination-address 172.16.30.110 255.255.255.255

policy-map multi-match MOON-POLICY

class CLIENT-TO-AVS-VIP

loadbalance vip inservice

loadbalance policy MOON_AVS_CLIENT

loadbalance vip icmp-reply

class NAT

nat dynamic 9 vlan 300

interface vlan 300

description Clentside interface

bridge-group 30

access-group input ALL

nat-pool 9 172.16.30.200 172.16.30.210 netmask 255.255.255.255 pat

service-policy input REMOTE-MGMT

service-policy input MOON-POLICY

no shutdown

Regards

Aslam...

Labels:
0 Helpful
3 Replies 3

connexuscorp
Level 1
Level 1

‎04-10-2008 02:12 PM

Here is a good article on doing that.

http://snippets101.blogspot.com/2007/07/static-nat-on-cisco-ace.html

0 Helpful

agiaccone
Level 1
Level 1

‎04-14-2008 03:11 AM

Hi Aslam,

yes it's possible in a quite simple way, I see some errors in your configuration :

You don't need a second class map "NAT", the first one is sufficient. You can tell the ACE "When traffic matches CLIENT-TO-AVS-VIP, loadbalance AND nat client traffic".

To do so, simply insert the "nat dynamic 9 vlan 300" command inside the "class CLIENT-TO-AVS-VIP" mapping in the multi-match policy.

This should work as you want :

class-map match-all CLIENT-TO-AVS-VIP

2 match virtual-address 172.16.30.110 tcp eq www

policy-map multi-match MOON-POLICY

class CLIENT-TO-AVS-VIP

loadbalance vip inservice

loadbalance policy MOON_AVS_CLIENT

loadbalance vip icmp-reply

nat dynamic 9 vlan 300

remember that an instruction like

"2 match source-address 0.0.0.0 0.0.0.0" is a pleonasm, no instruction on source-address means match any source.

You can check some other scenarios on source nat here :

http://snippets101.blogspot.com/2007/12/source-nat-on-cisco-ace.html

Hope this helps.

Alberto

0 Helpful

aslamta123
Level 1
Level 1
In response to agiaccone

‎04-14-2008 03:24 AM

Thnx Alberto ,

The solution is working,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents