I have 1 VLAN (VLAN 10) with all my VIPs, and 4 VLANs (VLAN 11, 12, 13, 14) with my real servers.
All my servers can start sessions, but I want them to be source natted to their VIP addresses.
I assume that I will get something like this:
access-list SNAT-acl line 8 extended permit ip any any
match access-list SNAT-acl
policy-map multi-match SNAT-1-pm
  nat dynamic 1 vlan 10
policy-map multi-match SNAT-2-pm
  nat dynamic 2 vlan 10
policy-map multi-match SNAT-3-pm
  nat dynamic 3 vlan 10
policy-map multi-match SNAT-4-pm
  nat dynamic 4 vlan 10
int vla 11
  service-policy input SNAT-1-pm
int vla 12
  service-policy input SNAT-2-pm
int vla 13
  service-policy input SNAT-3-pm
int vla 14
  service-policy input SNAT-4-pm
int vlan 10
  nat pool 1 10.11.0.1 netmask 255.255.255.255 pat
  nat pool 2 10.12.0.1 netmask 255.255.255.255 pat
  nat pool 3 10.13.0.1 netmask 255.255.255.255 pat
  nat pool 4 10.14.0.1 netmask 255.255.255.255 pat
But this seems kind of not correct. I can't test this at the moment, so I don't know if this works or not.
Would this solution work?
Is this the best way of doing SNAT for server initiated connections?
Is there a better way for doing SNAT for server initiated connections?
Thanks in advance!
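A sketch like the one above can be cross-checked offline before it goes on a device. The following is an added example, not part of the original post: it verifies that every `nat dynamic <id> vlan <n>` refers to a pool defined under that VLAN interface and that each policy-map is applied to an interface. The function name `audit_snat` and the sample input are assumptions made for illustration, and the parser accepts only the line forms that appear in the post.

```python
import re

# Constructed sample in the post's syntax; pool 2 is deliberately left out.
SAMPLE = """\
policy-map multi-match SNAT-1-pm
  nat dynamic 1 vlan 10
policy-map multi-match SNAT-2-pm
  nat dynamic 2 vlan 10
int vla 11
  service-policy input SNAT-1-pm
int vla 12
  service-policy input SNAT-2-pm
int vlan 10
  nat pool 1 10.11.0.1 netmask 255.255.255.255 pat
"""

def audit_snat(config):
    """Return findings for 'nat dynamic' references that do not resolve."""
    refs = []        # (policy-map, pool id, vlan) from 'nat dynamic'
    pools = set()    # (pool id, vlan) defined under an interface
    bound = set()    # policy-maps applied with 'service-policy input'
    kind = name = None  # enclosing block: ("pm", name) or ("if", vlan)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"policy-map multi-match (\S+)$", line):
            kind, name = "pm", m.group(1)
        elif m := re.match(r"int\w* vla\w* (\d+)$", line):
            kind, name = "if", int(m.group(1))
        elif kind == "pm" and (m := re.match(r"nat dynamic (\d+) vlan (\d+)$", line)):
            refs.append((name, int(m.group(1)), int(m.group(2))))
        elif kind == "if" and (m := re.match(r"nat[- ]pool (\d+) ", line)):
            pools.add((int(m.group(1)), name))
        elif kind == "if" and (m := re.match(r"service-policy input (\S+)$", line)):
            bound.add(m.group(1))
    findings = []
    for pm, pool_id, vlan in refs:
        if (pool_id, vlan) not in pools:
            findings.append(f"{pm}: pool {pool_id} is not defined on vlan {vlan}")
        if pm not in bound:
            findings.append(f"{pm}: not applied to any interface")
    return findings

if __name__ == "__main__":
    for finding in audit_snat(SAMPLE):
        print(finding)
```

This checks only that the references are internally consistent; it does not validate command syntax or predict how the device handles the traffic.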