Solved: ACE Module - Source NAT server initiated connections to a VIP address

cisco_moderator · ‎10-01-2009

Hi,

We need our ACE to source NAT server initiated connections to a VIP address. Our old CSM used the following command and we are looking for the equivalent ACE configuration:

static nat virtual

real <real server ip>

We have tried the following ACE configuration without success:

class-map match-any REALS

match source-address <real server ip> 255.255.255.255

policy-map multi-match NAT-POLICY

class REALS

nat dynamic 1 vlan 200

interface vlan 100

description INSIDE

service-policy input NAT-POLICY

interface vlan 200

description OUTSIDE

nat-pool 1 <vip address> netmask 255.255.255.255

>>>Error: Cannot overlap vip or NAT address configured in a shared interface!

Any suggestions would be appreciated,

Thanks,

Paul

jason.espino · ‎10-01-2009

Your configuration looks correct with the exception of your nat-pool statement. You have to use "pat" at the end of the nat-pool statement to allow the ACE to dynamically NAT traffic initiated from the server IPs to the VIP address.

nat-pool 1 netmask 255.255.255.255 pat

- Jason

View solution in original post

jason.espino · ‎10-01-2009

Your configuration looks correct with the exception of your nat-pool statement. You have to use "pat" at the end of the nat-pool statement to allow the ACE to dynamically NAT traffic initiated from the server IPs to the VIP address.

nat-pool 1 netmask 255.255.255.255 pat

- Jason

cisco_moderator · ‎10-02-2009

Cheers Jason,

I did try with the â€œpatâ€ option but it still wouldn't work. I have now updated the ACE from A1(6.1) to A2(1.6) and the command is now accepted.

Thanks for your help.

Paul