Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE30: Connectivity between IP subnets on the same VLAN being NATed?

Hi Guys,

We have a subnet setup on the ACE as follows:

interface vlan 300

  description CALLISTA Environment

  ipv6 enable

  ip address 2001:388:608c:8b8::fffd/64

  alias 2001:388:608c:8b8::fffe/64

  peer ip address 2001:388:608c:8b8::fffc/64

  ipv6 nd ra interval 30

  ipv6 nd prefix 2001:388:608c:8b8::/64

  ip address 130.194.13.61 255.255.255.192

  ip dhcp relay server 130.194.15.17

  ip dhcp relay server 130.194.15.1

  alias 130.194.13.62 255.255.255.192

  peer ip address 130.194.13.60 255.255.255.192

  ip address 130.194.19.220 255.255.255.224 secondary

  alias 130.194.19.222 255.255.255.224 secondary

  peer ip address 130.194.19.221 255.255.255.224 secondary

  access-group input ALLOW

  access-group input ALLOWv6

  access-group output ALLOW

  access-group output ALLOWv6

  nat-pool 1 172.16.25.231 172.16.25.231 netmask 255.255.255.255 pat

Notes:

There is the primary subnet 130.194.13.0/26 and the secondary IP subnet 130.194.19.192/27

The nat-pool is configured to allow server initiated connections to their frontend VIP when necessary.

We are noticing that when a server on the 130.194.19.192/27 subnet needs to communicate with a server on 130.194.13.0/26, albeit on the same VLAN, the destination server sees connections with a source IP of 172.16.25.231, which is the NAT address.  Is this expected behavior, where connections between IP subnets, albeit on the same VLAN are NATed?

thanks

Sheldon

Everyone's tags (2)
1 REPLY
Cisco Employee

ACE30: Connectivity between IP subnets on the same VLAN being NA

Hi Sheldon,

Normally you should not need NAT but if you have a service policy applied which matches the conditions you have defined in class maps, the NAT will be applied.

You have mentioned that NAT pool is configured for server initiated conns and that must be the reason why traffic is getting natted because it must be matching the statement.

Regards,

Kanwal

252
Views
0
Helpful
1
Replies