I'm trying to set up a 4710 with a client, server and management interface.
I can see traffic passing through the appliance to my proxy, where I'm capturing traffic, but I want to use the server interface as the source IP and therefore NAT the original client's IP.
I'm new to this box, so I'm not sure how to do this.
Can anyone give me an indication of how to do this?
Thanks to anyone taking the time to read this or to reply.

First, add the following to your multi-match policy that currently handles proxy traffic:
policy-map multi-match something
nat dynamic 1 vlan xxx
1 represents the PAT pool. You can use any number between 1 and 2147483647.
xxx represents the VLAN ID of your egress VLAN interface (proxy server VLAN, e.g. 100).
Then, add the following to your egress VLAN interface:
nat-pool 1 x.x.x.x x.x.x.x netmask y.y.y.y pat
Again, 1 corresponds to the NAT pool configured in your multi-match policy.
y.y.y.y represents the desired address to which you want to NAT your client addresses.
x.x.x.x represents the netmask; remember to use the netmask assigned to that subnet.
pat simply applies many-to-one translation, rather than using one-to-one.
nat-pool 1 10.10.10.1 10.10.10.1 netmask 255.255.255.0 pat
10.10.10.1 in this case corresponds to the interface address. Or you could assign a unique address/address range to represent your PAT sessions.
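
The two steps from the reply above, put together as one ACE configuration fragment. This is an added example, not part of the original thread: the class-map and policy names, VLAN 200, the virtual address and every IP address are constructed placeholders (VLAN 100 is the reply's own example), and the lines beginning with ! are annotations rather than commands.

```cisco
! Constructed example: client side = VLAN 200, proxy/server side = VLAN 100.
! PROXY-TRAFFIC and CLIENT-POLICY are hypothetical names; use your own.

class-map match-any PROXY-TRAFFIC
  2 match virtual-address 192.0.2.10 tcp eq 8080

policy-map multi-match CLIENT-POLICY
  class PROXY-TRAFFIC
    ! Keep the existing loadbalance lines of this class as they are.
    ! Pool id 1, translated when the connection leaves on VLAN 100.
    nat dynamic 1 vlan 100

interface vlan 200
  description client side
  ip address 192.0.2.1 255.255.255.0
  ! The multi-match policy is applied where client traffic enters.
  service-policy input CLIENT-POLICY
  no shutdown

interface vlan 100
  description server side (egress towards the proxy)
  ip address 10.10.10.2 255.255.255.0
  ! Same pool id as in "nat dynamic". Syntax order is:
  !   nat-pool <id> <first-address> <last-address> netmask <mask> pat
  ! A single address (first = last) with pat gives many-to-one translation.
  nat-pool 1 10.10.10.50 10.10.10.50 netmask 255.255.255.0 pat
  no shutdown
```

With this in place the proxy sees 10.10.10.50 as the source of every connection, so its logs no longer carry the original client IP. `show xlate` on the ACE lists the active translations.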