
ACE 4710 client NAT (outgoing)

Hi Experts,

I have an ACE 4710 set up to load balance HTTP and HTTPS only, and it seems to be working fine.

Now I have another requirement to NAT all real servers IP (server side internal network to VIP (

Our configuration is as below:

Two real server IPs are and connected to VLAN interface v500 (ip is

VLAN v400 faces the public, v400 interface ip, and one VIP, VIP is mapped to two real servers.

I need to configure: all outgoing traffic from network to public to NAT the source IP to (VIP, not the interface real IP




ACE 4710 client NAT (outgoing)

Hello BQ,

I would say it should look like this:

access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any

interface vlan 50
  description "Client-Server VLAN"
  ip address
  access-group input everyone
  service-policy input client-vips
  service-policy input remote-access
  nat-pool 5 netmask pat
  no shutdown

policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    loadbalance policy slb
    nat dynamic 5 vlan 50

class-map match-all slb-vip
  2 match virtual-address eq tcp www

policy-map type loadbalance first-match slb
  class class-default
    serverfarm web

serverfarm host web
  rserver lnx1
  rserver lnx2

rserver host lnx1
  ip address

rserver host lnx2
  ip address

ip route

Hope this helps!!!



ACE 4710 client NAT (outgoing)

Hi Jorge,

Thanks for your reply. I have added the NAT pool "nat-pool 5 netmask pat" already, but it seems to have no effect on the traffic; whether I add the NAT pool or not, there is no difference. Does the NAT pool impact outgoing packets (like traffic initiated from a real server to access a public web server (  I want public users to see all traffic from VIP


ACE 4710 client NAT (outgoing)

Where is the traffic generated? From the client side or the server side?

Could you provide us with an output like this: "#show service-policy client-vips class slb-vip detail" ?


ACE 4710 client NAT (outgoing)

Here are a few things you could try

1. nat-pool 5 netmask pat


nat-pool 5 netmask (/32 host)

2. service-policy input remote-access

Do you have a management VLAN interface defined? If so, add it to that interface.

3. The requirements are to LB HTTP (80) and HTTPS (443). In this case you would need two separate VIPs defined:

class-map match-all slb-vip
  2 match virtual-address eq tcp 80

class-map match-all slb-vip
  2 match virtual-address eq tcp 443

Is there a requirement to redirect HTTP traffic? If so, you would need to define another class-map to redirect HTTP traffic to HTTPS.

show service-policy client-vips detail   
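A consistency check for the kind of configuration posted in this thread, as an added example that is not from any poster or from Cisco: it lists every `nat dynamic` rule, whether the `nat-pool` it references exists on the egress VLAN, and on which VLANs its policy is attached inbound. The sample configuration and its addresses are constructed, and `audit_nat` is a hypothetical helper name.

```python
import re

# Constructed sample (not from the thread); addresses are documentation ranges.
SAMPLE = """\
interface vlan 400
  service-policy input client-vips
  nat-pool 5 192.0.2.10 192.0.2.10 netmask 255.255.255.255 pat
interface vlan 500
  ip address 10.0.0.1 255.255.255.0
policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    nat dynamic 5 vlan 400
    nat dynamic 7 vlan 400
"""

def audit_nat(config):
    """Return one finding per 'nat dynamic' line in an ACE-style config."""
    pools = set()    # (pool id, vlan) pairs defined by nat-pool lines
    attached = {}    # policy-map name -> VLANs where it is applied inbound
    rules = []       # (policy, class, pool id, egress vlan)
    vlan = policy = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # a new top-level stanza starts
            vlan = policy = cls = None
            if m := re.match(r"interface vlan (\d+)$", line):
                vlan = int(m.group(1))
            elif m := re.match(r"policy-map multi-match (\S+)$", line):
                policy = m.group(1)
        elif vlan is not None:            # inside an interface stanza
            if m := re.match(r"nat-pool (\d+) ", line):
                pools.add((int(m.group(1)), vlan))
            elif m := re.match(r"service-policy input (\S+)$", line):
                attached.setdefault(m.group(1), []).append(vlan)
        elif policy is not None:          # inside a multi-match policy-map
            if m := re.match(r"class (\S+)$", line):
                cls = m.group(1)
            elif m := re.match(r"nat dynamic (\d+) vlan (\d+)$", line):
                rules.append((policy, cls, int(m.group(1)), int(m.group(2))))
    return [{"policy": p, "class": c, "pool": n, "egress_vlan": v,
             "pool_defined": (n, v) in pools,
             "ingress_vlans": attached.get(p, [])}
            for p, c, n, v in rules]

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```

In the constructed sample the policy is attached only on VLAN 400, so connections that enter on VLAN 500 (the real servers) are never classified by it, and pool 7 is reported as undefined.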

