Cisco Support Community
Community Member

DNAT on Cisco ACE


I'm trying to configure the DNAT for the traffic that is coming from the outside network.

I found some examples in the ACE config guide, but none of them shows how to do the following thing (if it is possible at all).

I'd like to hide the rserver under the NAT from the clients but using the new ip address range, that is different then the client's and servers's ip addresses.

Does anybody know if it is possible to do that and if yes how it should be configured ?

Thanks in advance



Cisco Employee
Community Member

Re: DNAT on Cisco ACE

I found this description but it is not clear enough for me.

If I want to use static NAT for client->server traffic where should I apply the service-policy with the NAT command ? On the Client or server side interface ?

In addition, in the user guide, there is an information that in ACL I should specify the host that need to be nated, and in the "nat static" command I should specify the ip address that will be visible on the client network. Am I right ?

Thanks for your help.



Community Member

Re: DNAT on Cisco ACE

I've attached the diagram that describes how our environment looks like. Below I am putting the config that we tried to apply.

class-map NAT

match destination-address

policy-map multi-match L4-client

class NAT

nat static vlan 200

Interface vlan 100

service-policy input L4-client

Community Member

Re: DNAT on Cisco ACE

We have opened a case in a TAC, and the engineer helped us to solve this issue.

We created a VIP with the ip address and attached to it the serverfarm with the rserver

There was no need to do any kind of nating.

I hope it will help somebody with the same problem.



CreatePlease to create content