I face an issue while creating source NAT on Cisco ACE. There is already a default source NAT IP for the context. I created a new one for SMTP traffic alone. I am facing issues in prefixing the newly created nat-pool rule (nat-pool 100) above the default one (nat-pool 2257) on the external gateway interface, as it's not placing that on top, due to which only the default SNAT IP is getting shown on all servers. Can someone assist with this?
interface vlan 1137
  description outside interface gateway
  ip address 10.103.226.253 255.255.255.248
  alias 10.103.226.252 255.255.255.248
  peer ip address 10.103.226.254 255.255.255.248
  access-group input internet
  access-group output all
  nat-pool 2257 184.108.40.206 220.127.116.11 netmask 255.255.255.255 pat >>>
  nat-pool 100 18.104.22.168 22.214.171.124 netmask 255.255.255.255 pat >>>>
NAT is not applied in order based on lower/higher ID under the interface. In this case your NAT pool 2257 is taking precedence because it must be applied for the VIP doing the load balance, either under the multi-match policy or the first-match policy level.
policy-map multi-match LB
  loadbalance vip inservice
  loadbalance policy Web
  nat dynamic 2257 vlan 1137
If you want to change this behavior, just swap the NAT pool ID under this section (keep in mind this will kill the active connections).
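
The answer's point, that a nat-pool on the interface is only used once a nat dynamic statement in a policy map references its ID, can be checked mechanically. The following is an added example, not part of the original thread: the function name audit_nat_pools is hypothetical, and the sample text is the thread's own fragments with the >>> markers dropped.

```python
import re

# Constructed sample: the configuration fragments quoted in this thread.
SAMPLE_CONFIG = """\
interface vlan 1137
  nat-pool 2257 184.108.40.206 220.127.116.11 netmask 255.255.255.255 pat
  nat-pool 100 18.104.22.168 22.214.171.124 netmask 255.255.255.255 pat
policy-map multi-match LB
  loadbalance vip inservice
  loadbalance policy Web
  nat dynamic 2257 vlan 1137
"""

IFACE_RE = re.compile(r"^interface vlan (\d+)$")
POOL_RE = re.compile(r"^nat-pool (\d+)\s")
NAT_RE = re.compile(r"^nat dynamic (\d+) vlan (\d+)")


def audit_nat_pools(config):
    """Compare nat-pool definitions with nat dynamic references.

    Returns (unused, undefined), each a sorted list of (pool_id, vlan):
      unused    - pools defined on an interface that no policy map references,
                  so no traffic is ever translated to them
      undefined - nat dynamic statements pointing at a pool that is not
                  defined on that VLAN interface
    """
    defined, referenced = set(), set()
    vlan = None  # VLAN of the interface block currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if (m := IFACE_RE.match(line)):
            vlan = int(m.group(1))
        elif (m := POOL_RE.match(line)) and vlan is not None:
            defined.add((int(m.group(1)), vlan))
        elif (m := NAT_RE.match(line)):
            referenced.add((int(m.group(1)), int(m.group(2))))
    return sorted(defined - referenced), sorted(referenced - defined)


if __name__ == "__main__":
    unused, undefined = audit_nat_pools(SAMPLE_CONFIG)
    for pool, vlan in unused:
        print(f"nat-pool {pool} on vlan {vlan} is defined but never referenced")
    for pool, vlan in undefined:
        print(f"nat dynamic {pool} vlan {vlan} references an undefined pool")
```

Run against the thread's configuration, it reports pool 100 as defined but never referenced, which is why only the default SNAT IP appears.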