Issue with Source NAT on ACE

nlkarthik
Level 1

Hello All,

I face an issue while creating source NAT on Cisco ACE. There is already a default source NAT IP for the context. I created a new one for SMTP traffic alone. I am facing issues in prefixing the newly created nat-pool rule (nat-pool 100) above the default one (nat-pool 2257) on the external gateway interface, as it's not placing that on top, due to which only the default SNAT IP is getting shown on all servers. Can someone assist on this?

interface vlan 1137
  description outside interface gateway
  ip address 10.103.226.253 255.255.255.248
  alias 10.103.226.252 255.255.255.248
  peer ip address 10.103.226.254 255.255.255.248
  access-group input internet
  access-group output all
  nat-pool 2257 209.34.80.240 209.34.80.240 netmask 255.255.255.255 pat >>>
  nat-pool 100 209.34.80.246 209.34.80.246 netmask 255.255.255.255 pat >>>>
  service-policy input VIPS
  service-policy input INSPECTION_POLICY
  service-policy input remote-mgmt
  no shutdown

regards,

Karthik


pablo.nxh
Level 3

Hi Karthik,

NAT is not applied in order based on lower/higher ID under the interface. In this case your NAT pool 2257 is taking precedence because it must be applied for the VIP doing the load balance, either under the multi-match policy or the first-match policy level.

i.e.

policy-map multi-match LB
  class VIP
    loadbalance vip inservice
    loadbalance policy Web
    nat dynamic 2257 vlan 1137

If you want to change this behavior, just swap the NAT pool ID under this section (keep in mind this will kill the active connections).

HTH


Pablo
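
The reply's point, that a pool is selected by a `nat dynamic` reference in a policy-map class and not by its position under the interface, can be checked against a saved configuration. The following is an added example, not part of the thread and not Cisco tooling. It assumes the configuration text uses only the statement forms shown above, and the sample input is constructed by combining the interface from the question with the policy from the reply.

```python
import re

# Constructed sample: interface from the question, policy-map from the reply.
SAMPLE_CONFIG = """\
policy-map multi-match LB
  class VIP
    loadbalance vip inservice
    loadbalance policy Web
    nat dynamic 2257 vlan 1137
interface vlan 1137
  ip address 10.103.226.253 255.255.255.248
  nat-pool 2257 209.34.80.240 209.34.80.240 netmask 255.255.255.255 pat
  nat-pool 100 209.34.80.246 209.34.80.246 netmask 255.255.255.255 pat
  service-policy input VIPS
  no shutdown
"""

IFACE = re.compile(r"^interface vlan (\d+)\s*$")
PMAP = re.compile(r"^policy-map multi-match (\S+)")
CLASS = re.compile(r"^\s+class (\S+)")
POOL = re.compile(r"^\s+nat-pool (\d+) (\S+) (\S+)")
NAT_DYN = re.compile(r"^\s+nat dynamic (\d+) vlan (\d+)")

def audit_nat_pools(config):
    """Map each (vlan, pool id) to the policy/class that references it."""
    pools, refs = {}, {}
    vlan = policy = klass = None
    for line in config.splitlines():
        if not line.strip():
            continue                      # tolerate blank lines between statements
        if not line[0].isspace():         # a new top-level stanza starts here
            vlan = policy = klass = None
            if m := IFACE.match(line):
                vlan = m.group(1)
            elif m := PMAP.match(line):
                policy = m.group(1)
        elif vlan and (m := POOL.match(line)):
            pools[(vlan, m.group(1))] = m.group(2)      # first address of the pool
        elif policy and (m := CLASS.match(line)):
            klass = m.group(1)
        elif policy and (m := NAT_DYN.match(line)):
            refs.setdefault((m.group(2), m.group(1)), []).append(f"{policy}/{klass}")
    unused = sorted(k for k in pools if k not in refs)      # defined, never selected
    undefined = sorted(k for k in refs if k not in pools)   # referenced, not defined
    return {"pools": pools, "refs": refs, "unused": unused, "undefined": undefined}

if __name__ == "__main__":
    report = audit_nat_pools(SAMPLE_CONFIG)
    print("unused pools:", report["unused"])
    print("undefined references:", report["undefined"])
```

On the sample, pool 100 on VLAN 1137 is reported as unused, which matches the symptom in the question: only the address of pool 2257 appears as the source.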
