10-01-2009 05:07 AM
Hi,
We need our ACE to source NAT server initiated connections to a VIP address. Our old CSM used the following command and we are looking for the equivalent ACE configuration:
static nat virtual
real <real server ip>
real <real server ip>
We have tried the following ACE configuration without success:
class-map match-any REALS
match source-address <real server ip> 255.255.255.255
match source-address <real server ip> 255.255.255.255
policy-map multi-match NAT-POLICY
class REALS
nat dynamic 1 vlan 200
interface vlan 100
description INSIDE
service-policy input NAT-POLICY
interface vlan 200
description OUTSIDE
nat-pool 1 <vip address> netmask 255.255.255.255
>>>Error: Cannot overlap vip or NAT address configured in a shared interface!
Any suggestions would be appreciated,
Thanks,
Paul
Solved! Go to Solution.
10-01-2009 09:48 AM
Your configuration looks correct with the exception of your nat-pool statement. You have to use "pat" at the end of the nat-pool statement to allow the ACE to dynamically NAT traffic initiated from the server IPs to the VIP address.
nat-pool 1
- Jason
10-01-2009 09:48 AM
Your configuration looks correct with the exception of your nat-pool statement. You have to use "pat" at the end of the nat-pool statement to allow the ACE to dynamically NAT traffic initiated from the server IPs to the VIP address.
nat-pool 1
- Jason
10-02-2009 01:50 AM
Cheers Jason,
I did try with the âpatâ option but it still wouldn't work. I have now updated the ACE from A1(6.1) to A2(1.6) and the command is now accepted.
Thanks for your help.
Paul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide