Cisco Support Community

New Member

ACE: Significance of mask in nat-pools configured for Source NAT

Hi guys

I am using source NAT on the ACE, with one IP address (10.10.10.200) used for all client address translations.

What would be the difference between nat-pools configured with different netmasks?

What is the recommended netmask for PAT, 255.255.255.255 or the VLAN interface's mask (/24 in this case), and why?

case1:

    interface vlan 7
      ip address 10.10.10.100 255.255.255.0
      nat-pool 1 10.10.10.200 10.10.10.200 netmask 255.255.255.0 pat
      service-policy input clientvips
      no shutdown

case2:

    interface vlan 7
      ip address 10.10.10.100 255.255.255.0
      nat-pool 1 10.10.10.200 10.10.10.200 netmask 255.255.255.255 pat
      service-policy input clientvips
      no shutdown

Thanks in Advance

A.

5 REPLIES
Cisco Employee

Re: ACE: Significance of mask in nat-pools configured for Source

I always use a netmask matching the subnet.

But actually it can be whatever you want.

The netmask is not being used.

Gilles.

New Member

Re: ACE: Significance of mask in nat-pools configured for Source

Gilles

Thanks a lot. It makes more sense now.

I posted another question for an ACE design validation. Could you please validate this?

I am planning to deploy the ACE module in the following manner:

> The ACE will be in one-arm mode (only one VLAN connected to the ACE).

> VIPs and rservers (all serverfarms) will be in the same VLAN X.

> The default gateway on the ACE and the real servers will be the upstream router.

> There will be source NAT configured for all serverfarms.

ACE --- Vlan X -------Router--- internet
                 |
                 |-- Sfarm 1
                 |
                 |-- Sfarm 2
                 |
                 |-- Sfarm n

I am pretty sure that it should work.

Just wanted an expert opinion.

Thanks

Cisco Employee

Re: ACE: Significance of mask in nat-pools configured for Source

Perfectly valid design.

Gilles.

New Member

Re: ACE: Significance of mask in nat-pools configured for Source

Hi,

The netmasks are both correct for the pools; however, if the mask was 255.255.255.252, the address would fall on the network portion, so the only valid addresses would be 201 and 202. Gilles might correct me for the ACE.

Gary

Cisco Employee

Re: ACE: Significance of mask in nat-pools configured for Source

Gary is correct.

The netmask is actually used (it wasn't before but it is now) to determine what addresses in the pool should not be used (broadcast addresses).

G.
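The check described in the last two replies, as an added example that is not part of the original thread and is not ACE code: it flags which addresses in a nat-pool range are the network or broadcast address of their subnet under the configured netmask. The function names are hypothetical, and treating /31 and /32 masks as having no reserved addresses is an assumption rather than documented ACE behaviour.

```python
import ipaddress


def reserved_in_pool(start, end, netmask):
    """Map each pool address that is a network or broadcast address
    under `netmask` to the reason it is reserved."""
    lo = ipaddress.IPv4Address(start)
    hi = ipaddress.IPv4Address(end)
    if hi < lo:
        raise ValueError("pool end is below pool start")
    reserved = {}
    for value in range(int(lo), int(hi) + 1):
        addr = ipaddress.IPv4Address(value)
        # strict=False lets us derive the enclosing subnet from a host address
        net = ipaddress.ip_network(f"{addr}/{netmask}", strict=False)
        if net.prefixlen >= 31:
            # Assumption: /31 and /32 have no distinct network/broadcast address
            continue
        if addr == net.network_address:
            reserved[str(addr)] = "network"
        elif addr == net.broadcast_address:
            reserved[str(addr)] = "broadcast"
    return reserved


def usable_in_pool(start, end, netmask):
    """Return the pool addresses left once reserved ones are excluded."""
    skip = reserved_in_pool(start, end, netmask)
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    return [str(ipaddress.IPv4Address(v)) for v in range(lo, hi + 1)
            if str(ipaddress.IPv4Address(v)) not in skip]


if __name__ == "__main__":
    # The two cases from the question, plus the /30 case raised in the replies
    for mask in ("255.255.255.0", "255.255.255.255", "255.255.255.252"):
        pool = ("10.10.10.200", "10.10.10.200", mask)
        print(mask, reserved_in_pool(*pool), usable_in_pool(*pool))
```

With the single-address pool from the question, both the /24 and /32 masks leave 10.10.10.200 usable, while the /30 mask makes it a network address and leaves the pool empty.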
