ACE NAT Pool on different Network.

Nov 28th, 2012

Can the NAT pool be on a different network than the load-balanced VIP?  My current design uses a NAT pool on the same network, but the architect wants the NATs on a separate VLAN.

I will be developing on ACE MOD20, but the final configuration will be on 4710.

chrhiggi Wed, 11/28/2012 - 10:53

Sure can; however, the point of source NAT is generally that the source IP should be L2 adjacent to the server.  If the source IP is not, then you have to have a static route in your server or somewhere in the network to ensure the traffic makes it back into the same interface vlan on ACE. In that case... you might as well not use NAT and put routes on the server for the client subnets.

Regards,

Chris Higgins

geraldjacksontx Thu, 11/29/2012 - 04:41

I am using Load Balancer on a stick.  So I can create a VIP or class map on one subnet (SVI) and NAT Pool on another (SVI), or do I need 2 SVIs?  I currently do it under a single network on (SVI).

Can you send me an example?

I need the VIP/class map to not be L2 adjacent.  I will not own the routing.  It will be done by another contractor.  But if I use a second network for the NAT Pool, then the routing, with default routing on the servers, should work.

chrhiggi Thu, 11/29/2012 - 10:30

Cecil-

rserver host Esc1
  ip address 172.16.36.132
  inservice

serverfarm host HTTP
  rserver Esc1
    inservice

class-map match-all 172.16.36.13-80-VIP
  2 match virtual-address 172.16.36.13 tcp eq www

policy-map type loadbalance first-match 172.16.36.13-80-PMAPLB
  class class-default
    serverfarm HTTP

policy-map multi-match GLOBAL-PMAPVIP
  class 172.16.36.13-80-VIP
    loadbalance vip inservice
    loadbalance policy 172.16.36.13-80-PMAPLB
    nat dynamic 1 vlan 190

interface vlan 190
  ip address 172.16.36.12 255.255.255.192
  access-group input test
  nat-pool 1 192.168.1.1 192.168.1.1 netmask 255.255.255.0 pat
  service-policy input GLOBAL-PMAPVIP
  no shutdown

For this sample, the source ip of the traffic as it left the ACE would be 192.168.1.1, off subnet of vlan 190 as you are requesting.  As well, the server in the example is not L2 adjacent to vlan 190, but it could be either way.

Regards,

Chris
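The return-path point from this thread (an off-subnet NAT source only works if the server's route for it leads back to the ACE), as an added example that is not part of the original posts: it reads the interface and nat-pool lines from the sample config and does a longest-prefix match against a server routing table. The server mask (/26), the gateway addresses and the route tables used with it are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed input: the interface and nat-pool lines copied from the sample config above.
ACE_CONFIG = """\
interface vlan 190
  ip address 172.16.36.12 255.255.255.192
  nat-pool 1 192.168.1.1 192.168.1.1 netmask 255.255.255.0 pat
"""

def parse_ace(config):
    """Return (interface network, list of NAT pool addresses) from an ACE interface stanza."""
    ip, mask = re.search(r"ip address (\S+) (\S+)", config).groups()
    iface_net = ipaddress.ip_interface(f"{ip}/{mask}").network
    first, last = re.search(r"nat-pool \d+ (\S+) (\S+) netmask", config).groups()
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return iface_net, [ipaddress.ip_address(n) for n in range(lo, hi + 1)]

def return_path(server_if, routes, nat_ip):
    """Longest-prefix match on the server: how does it reach the NAT source address?"""
    server_net = ipaddress.ip_interface(server_if).network
    if nat_ip in server_net:
        return "connected"  # L2 adjacent: the server ARPs for the NAT address directly
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if nat_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        return "unreachable"  # no route at all: replies to the NAT address are dropped
    kind = "default" if best[0].prefixlen == 0 else "static"
    return f"{kind} via {best[1]}"

def audit(config, server_if, routes):
    """For each NAT address: (address, on the ACE interface subnet?, server return path)."""
    iface_net, pool = parse_ace(config)
    return [(str(ip), ip in iface_net, return_path(server_if, routes, ip)) for ip in pool]

if __name__ == "__main__":
    # Assumed server addressing: rserver 172.16.36.132 with a /26 mask and a
    # constructed default gateway. Whoever owns that gateway must route 192.168.1.1 to the ACE.
    for row in audit(ACE_CONFIG, "172.16.36.132/26", [("0.0.0.0/0", "172.16.36.129")]):
        print(row)
```

A result of `default via ...` means the return traffic depends on routing the server owner does not control; `static via ...` or `connected` means the path back is pinned on the server itself.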
