DNAT on Cisco ACE

Unanswered Question
Jul 7th, 2009

Hi

I'm trying to configure the DNAT for the traffic that is coming from the outside network.

I found some examples in the ACE config guide, but none of them shows how to do the following thing (if it is possible at all).

I'd like to hide the rserver under the NAT from the clients but using the new ip address range, that is different then the client's and servers's ip addresses.

Does anybody know if it is possible to do that and if yes how it should be configured ?

Thanks in advance

Regards

Lucas

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lukaszkhalil Wed, 07/08/2009 - 00:11

I found this description but it is not clear enough for me.

If I want to use static NAT for client->server traffic where should I apply the service-policy with the NAT command ? On the Client or server side interface ?

In addition, in the user guide, there is an information that in ACL I should specify the host that need to be nated, and in the "nat static" command I should specify the ip address that will be visible on the client network. Am I right ?

Thanks for your help.

Regards

Luacs

lukaszkhalil Wed, 07/08/2009 - 00:21

I've attached the diagram that describes how our environment looks like. Below I am putting the config that we tried to apply.

class-map NAT

match destination-address 172.16.0.10 255.255.255.255

policy-map multi-match L4-client

class NAT

nat static 10.0.0.10 vlan 200

Interface vlan 100

service-policy input L4-client

Attachment: 
lukaszkhalil Fri, 07/10/2009 - 04:25

We have opened a case in a TAC, and the engineer helped us to solve this issue.

We created a VIP with the ip address 172.16.0.10 and attached to it the serverfarm with the rserver 10.0.0.10.

There was no need to do any kind of nating.

I hope it will help somebody with the same problem.

Regard

Lucas

Actions

This Discussion