New Member

Doing Source IP address NAT. Using 1 address vs using many

I have a few implementations where I am using source groups to do NAT on the client's source IP address. It is possible to always translate the source IP address to the same one, or to have it be different depending on the content rule you hit.

Is there any advantage of one over the other?

3 REPLIES
New Member

Re: Doing Source IP address NAT. Using 1 address vs using many

The CSS can only do PAT, not NAT. You can configure at most 255 content rules, so you can only use 255 IP addresses to translate to.

So I think if you can use more IP addresses to translate to, that will be better.

New Member

Re: Doing Source IP address NAT. Using 1 address vs using many

Thanks for the thoughts. I am aware of the content rule limitation, and actually (depending on your definition of PAT vs NAT) the CSS can do NAT of the source IP address using source groups and an ACL. It can translate the source IP address of an incoming packet from a client into a different IP address. You don't really have a pool of addresses like you do on a Cisco router; you can specify a single IP address to translate the source address to, or different ones depending on the content rule you hit, so it is kind of like NATing with overload on a router. I am doing it now.

The basic steps for doing NAT on the source (i.e., the client's) IP address are:

group [groupx]
  ip address [source address you want to change client IP to]
  active

acl 1
  clause 10 permit any any destination [VIP of content rule] sourcegroup [groupx]
  apply circuit-(VLANx)

If the inbound packet on VLANx matches all the criteria in the clause statement, the "sourcegroup" part of the clause statement links you to the ip address that you want to NAT your client's source address to.

You can build on this and make it as fancy as you like, even translating the source address to different addresses depending on the content rule you hit. I'm just wondering if there is an advantage of using many different IP addresses over using just one.

New Member

Re: Doing Source IP address NAT. Using 1 address vs using many

One advantage - The number of active source ports for a single IP is roughly 64000 ports. A large client pool may be split into two pools to divide the load among 2 source IPs thus doubling the available source ports.
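
The port-capacity point in the last reply, as an added example that is not part of the thread and is not CSS code: a small Python model of source PAT in which every translated address has its own finite set of source ports. The 64000 figure comes from the reply; the starting port, the split of clients across addresses by client IP, and all sample addresses are assumptions made for the illustration.

```python
import ipaddress

PORTS_PER_ADDRESS = 64000   # "roughly 64000" in the reply above
FIRST_PORT = 1024           # assumption: translation starts above the low ports


class SourcePatPool:
    """Toy model: each translated address has its own finite set of source ports."""

    def __init__(self, nat_addresses, ports_per_address=PORTS_PER_ADDRESS):
        self.nat_addresses = list(nat_addresses)
        last = FIRST_PORT + ports_per_address
        self.free = {a: list(range(last - 1, FIRST_PORT - 1, -1)) for a in self.nat_addresses}
        self.flows = {}   # (client_ip, client_port) -> (nat_ip, nat_port)

    def _address_for(self, client_ip):
        # Assumption: clients are split across addresses by client IP (modulo).
        index = int(ipaddress.ip_address(client_ip)) % len(self.nat_addresses)
        return self.nat_addresses[index]

    def translate(self, client_ip, client_port):
        """Return (nat_ip, nat_port), or None when that address has no free port."""
        key = (client_ip, client_port)
        if key in self.flows:
            return self.flows[key]
        nat_ip = self._address_for(client_ip)
        if not self.free[nat_ip]:
            return None
        self.flows[key] = (nat_ip, self.free[nat_ip].pop())
        return self.flows[key]

    def release(self, client_ip, client_port):
        """Return a closed flow's port to its address."""
        mapping = self.flows.pop((client_ip, client_port), None)
        if mapping is not None:
            self.free[mapping[0]].append(mapping[1])


def flows_accepted(nat_addresses, clients, flows_per_client, ports_per_address=PORTS_PER_ADDRESS):
    """Count how many concurrent client flows get a translation."""
    pool = SourcePatPool(nat_addresses, ports_per_address)
    return sum(
        pool.translate(client, 40000 + n) is not None
        for client in clients
        for n in range(flows_per_client)
    )


# Constructed sample: 200 clients, 500 concurrent flows each (100000 flows).
CLIENTS = [f"10.0.0.{host}" for host in range(1, 201)]
```

With the constructed client set, `flows_accepted(["192.0.2.10"], CLIENTS, 500)` stops at 64000 translations, while adding a second translated address lets all 100000 flows through.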
