HI All,
Hope someone can help me out here. I'm facing an issue on an ACE module in a CAT6500 is nto SNATting
Basic physcial topology is
Server1>VLAN413>ACE(Bridged)>VLAN513>MSFC
Basic Logical is
Server1>VLAN413>VLAN513(GW)>VIP(onACE)>VLAN413>NTPServer
So basically Server1 is trying to connect to NTPServer (for NTP) using the VIP on the ACE.
The VIP is in a different subnet than the servers, but the servers are in the same subnet.
Need to use the VIP for scaling out NTP.
MSFC handles routing to/from VIP and Server subnet. MSFC INT VLAN 513 is the GW for the subnet.
My problem is that SNAT is not natting traffic from Server1 to the VIP and hence on to the NTP Server.
Is this topology even valid for SNAT
See sanitised config below.
class-map match-all SNAT-1
2 match source-address 1.1.1.0 255.255.255.0
policy-map multi-match vips
class time.domain.com
loadbalance vip inservice
loadbalance policy time.domain.com
loadbalance vip icmp-reply active
loadbalance vip advertise active
nat dynamic 2 vlan 513
class SNAT-1
nat dynamic 1 vlan 413
interface vlan 413
bridge-group 1
access-group input anyone
nat-pool 1 1.1.1.11 1.1.1.11 netmask 255.255.255.0 pat
service-policy input vips
no shutdown
interface vlan 513
description L3 Interface facing MSFC
bridge-group 1
access-group input anyone
nat-pool 2 1.1.1.12 1.1.1.12 netmask 255.255.255.0 pat
service-policy input vips
no shutdown
interface bvi 1
ip address 1.1.1.3 255.255.255.0
alias 1.1.1.6 255.255.255.0
peer ip address 1.1.1.4 255.255.255.0
no shutdown
Thanks in advance
Stephen
==========================
http://www.rconfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
