ACE NAT Pool on different Network.

Unanswered Question
Nov 28th, 2012

Can the NAT pool be on a different network than the load balanced VIP?  My current design uses a NAT pool on the same network, but the architect wants the NATs on a separate VLAN.

I will be developing on ACE MOD20, but the final configuration will be on 4710.

chrhiggi Wed, 11/28/2012 - 10:53

Sure can, however, the point of source NAT is generally that the source IP should be L2 adjacent to the server.  If the source IP is not, then you have to have a static route in your server or somewhere in the network to ensure the traffic makes it back into the same interface VLAN on ACE. In that case... you might as well not use NAT and put routes on the server for the client subnets.


Chris Higgins

geraldjacksontx Thu, 11/29/2012 - 04:41

I am using Load Balancer on a stick.  So I can create a VIP or class map on one subnet (SVI) and NAT Pool on another (SVI) or do I need 2 SVI.  I currently do it under a single network on (SVI).

Can you send me an example?

I need the VIP/class map to not be L2 adjacent.  I will not own the routing.  It will be done by another contractor.  But if I use a second network for the NAT pool then the routing, with default routing on the servers, should work.

chrhiggi Thu, 11/29/2012 - 10:30

rserver host Esc1
  ip address

serverfarm host HTTP
  rserver Esc1

class-map match-all
  2 match virtual-address tcp eq www

policy-map type loadbalance first-match
  class class-default
    serverfarm HTTP

policy-map multi-match GLOBAL-PMAPVIP
    loadbalance vip inservice
    loadbalance policy
    nat dynamic 1 vlan 190

interface vlan 190
  ip address
  access-group input test
  nat-pool 1 netmask pat
  service-policy input GLOBAL-PMAPVIP
  no shutdown

For this sample, the source ip of the traffic as it left the ACE would be, off subnet of vlan 190 as you are requesting.  As well, the server in the example is not L2 adjacent to vlan 190, but it could be either way.
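
The return-path requirement discussed in this thread can be checked before deployment. The following is an added example, not code from either poster: it traces a server's reply toward a source-NAT address through routing tables and reports whether it lands back on an ACE interface. All addresses, the table layout and the function names are constructed assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match. routes: {prefix: gateway}; gateway None = connected."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes.items()
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return "unreachable"
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def reply_reaches_ace(nat_ip, start, tables, ace_ifaces, max_hops=8):
    """Trace a reply from `start` toward nat_ip; return (ok, path)."""
    ace_nets = [ipaddress.ip_interface(i).network for i in ace_ifaces]
    ace_ips = {str(ipaddress.ip_interface(i).ip) for i in ace_ifaces}
    node, path = start, [start]
    for _ in range(max_hops):
        gw = lookup(tables[node], nat_ip)
        if gw == "unreachable":
            return False, path + ["no route"]
        if gw is None:
            # On-link delivery: the ACE can only claim the pool address
            # if the pool sits inside one of its own interface subnets.
            ok = any(ipaddress.ip_address(nat_ip) in n for n in ace_nets)
            return ok, path + ["on-link"]
        if gw in ace_ips:
            return True, path + ["ACE " + gw]
        if gw not in tables:
            return False, path + [gw + " (not modelled)"]
        node = gw
        path.append(node)
    return False, path + ["hop limit"]

# Constructed topology: server -> default gateway -> ACE on vlan 190.
ACE = ["192.168.190.5/24"]                       # ACE interface vlan 190
TABLES = {
    "server":    {"10.20.0.0/24": None, "0.0.0.0/0": "10.20.0.1"},
    "10.20.0.1": {"10.20.0.0/24": None, "192.168.190.0/24": None,
                  "0.0.0.0/0": "10.0.0.1"},
}
# Same topology plus a static route for the off-subnet NAT pool via the ACE.
FIXED = {**TABLES, "10.20.0.1": {**TABLES["10.20.0.1"],
                                 "172.16.50.0/24": "192.168.190.5"}}

if __name__ == "__main__":
    for name, t in (("no static route", TABLES), ("static route", FIXED)):
        print(name, reply_reaches_ace("172.16.50.10", "server", t, ACE))
```
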