
ACE: Significance of mask in nat-pools configured for Source NAT

AnthonyGZ
Level 1

Hi guys

If I am using source NAT on the ACE (one IP address, 10.10.10.200, used for all client address translations), what would be the difference between nat-pools configured with different netmasks?

What is the recommended netmask for PAT: 255.255.255.255 or the VLAN interface's mask (/24 in this case), and why?

case1:

interface vlan 7
  ip address 10.10.10.100 255.255.255.0
  nat-pool 1 10.10.10.200 10.10.10.200 netmask 255.255.255.0 pat
  service-policy input clientvips
  no shutdown

case2:

interface vlan 7
  ip address 10.10.10.100 255.255.255.0
  nat-pool 1 10.10.10.200 10.10.10.200 netmask 255.255.255.255 pat
  service-policy input clientvips
  no shutdown

Thanks in Advance

A.


Gilles Dufour
Cisco Employee

I always use a netmask matching the subnet.

But actually it can be whatever you want.

The netmask is not being used.

Gilles.

Gilles

Thanks a lot. It makes more sense now.

I posted another question for an ACE design validation. Could you please validate this?

I am planning to deploy the ACE module in the following manner:

> ACE will be in one arm mode ( Only one vlan connected to the ACE).

> Vips & Rservers (all serverfarms) will be in the same Vlan X.

> Default gateway on the ACE & Real servers will be the upstream router

> There will be Source NAT configured for all Serverfarms.

ACE --- Vlan X -------Router--- internet
.................|
.................|-- Sfarm 1
.................|
.................|-- Sfarm 2
.................|
.................|-- Sfarm n

I am pretty sure that it should work.

Just wanted an expert opinion.

Thanks

Perfectly valid design.

Gilles.

g-hopkinson
Level 1

Hi,

The netmasks are both correct for the pools; however, if the mask was 255.255.255.252, the address would fall on the network portion, so the only valid addresses would be 201 and 202. Gilles might correct me for the ACE.

Gary

Gary is correct.

The netmask is actually used (it wasn't before but it is now) to determine what addresses in the pool should not be used (broadcast addresses).

G.
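
The behaviour described in the last two replies, modeled as an added Python example (not code from the thread and not the ACE's own logic): given a nat-pool range and netmask, it separates the addresses that land on a subnet's network or broadcast address from the ones that remain usable. The function name `split_nat_pool` and the treatment of /31 and /32 masks as reserving nothing are assumptions.

```python
import ipaddress


def split_nat_pool(start, end, netmask):
    """Split a nat-pool range into (usable, excluded) address lists.

    An address is excluded when, under the pool's netmask, it is the
    network or broadcast address of the subnet it falls in.
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("pool end address is lower than pool start address")
    # Parsing the dotted mask also rejects non-contiguous masks.
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen
    usable, excluded = [], []
    for value in range(int(first), int(last) + 1):
        addr = ipaddress.IPv4Address(value)
        subnet = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
        # Assumption: /31 and /32 masks have no network/broadcast address,
        # so the single-address /32 pool from case2 stays usable.
        reserved = prefix < 31 and addr in (
            subnet.network_address, subnet.broadcast_address)
        (excluded if reserved else usable).append(str(addr))
    return usable, excluded


if __name__ == "__main__":
    # Pools from the thread: case1 (/24), case2 (/32), and the /30 mask
    # from the replies, plus a constructed 4-address /30 range.
    cases = [
        ("10.10.10.200", "10.10.10.200", "255.255.255.0"),
        ("10.10.10.200", "10.10.10.200", "255.255.255.255"),
        ("10.10.10.200", "10.10.10.200", "255.255.255.252"),
        ("10.10.10.200", "10.10.10.203", "255.255.255.252"),
    ]
    for start, end, mask in cases:
        usable, excluded = split_nat_pool(start, end, mask)
        print(f"{start}-{end} netmask {mask}: "
              f"usable={usable} excluded={excluded}")
```

With the /30 mask the single-address pool has no usable address left, so a check like this is worth running against a pool definition before deploying it.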
