I have run src NAT from one VLAN to another VLAN on the ACE OK for years. Now I need to ensure the outbound flow (to internet destinations) from two servers is src NATed. The inbound LB flow to the VIP (of the two servers) 10.100.60.10 tcp/25 is fine.
This is how I would normally do it, but it is not NATing the real IPs.
access-list XX-XCH2010-EDGE line 20 extended permit ip any any
access-list XX-ACEDMZ-VIP line 10 extended permit ip any any

class-map match-all XX-XCH2010-EDGE
  2 match virtual-address 10.100.60.10 tcp eq smtp
class-map match-any XX-XCH2010-EDGE-REALS
  2 match source-address 10.100.72.10 255.255.255.255
  3 match source-address 10.100.72.11 255.255.255.255

policy-map type loadbalance first-match XX-XCH2010-EDGE
  class class-default
    serverfarm XCH2010-EDGE-Servers

policy-map multi-match XX-ACEDMZ-VIPS
  class XX-XCH2010-EDGE-REALS
    nat dynamic 1 vlan 172
  class XX-XCH2010-EDGE
    loadbalance vip inservice
    loadbalance policy XX-XCH2010-EDGE
    loadbalance vip icmp-reply

interface vlan 160
  description XX-ACEDMZ-VIPS
  ip address 10.100.60.4 255.255.254.0
  access-group input XX-ACEDMZ-VIP
  service-policy input XX-ACEDMZ-VIPS

interface vlan 172
  description XX-XCH2010-EDGE
  ip address 10.100.72.4 255.255.254.0
  access-group input XX-XCH2010-EDGE
  nat-pool 1 10.100.60.10 10.100.60.10 netmask 255.255.254.0 pat
  service-policy input XX-ACEDMZ-VIPS