Outgoing NAT to server interface IP

mulhollandm
Level 1

folks

i'm trying to set up a 4710 with a client, server and management interface

i can see traffic passing through the appliance to my proxy where i'm capturing traffic but i want to use the server interface as the source IP and therefore NAT the original client's IP

i'm new to this box so i'm not sure how to do this

can anyone give me an indication of how to do this?

thanks to anyone taking the time to read this or to reply

Accepted Solutions

UHansen1976
Level 1

Hi,

First, add the following to your multimatch-policy that currently handles proxy traffic:

policy-map multi-match something
  class something
    nat dynamic 1 vlan xxx

1 represents the pat-pool. You can use any number between 1 and 2147483647

xxx represents the vlan-id of your egress vlan interface (proxyserver vlan, e.g. 100)

Then, add the following to your egress vlan-interface:

interface vlan xxx
  nat-pool 1 x.x.x.x x.x.x.x netmask y.y.y.y pat

Again, 1 corresponds to the nat-pool configured in your multimatch policy

y.y.y.y represents the desired address to which you want to nat your client addresses

x.x.x.x represents the netmask, remember to use the netmask assigned to that subnet

pat simply applies many-to-one translation, rather than using one-to-one.

Example:

--------------

interface vlan 100
  nat-pool 1 10.10.10.1 10.10.10.1 netmask 255.255.255.0 pat

10.10.10.1 in this case corresponds to the interface-address. Or you could assign a unique address/address range to represent your PAT-sessions.

hth

/Ulrich
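
A small consistency check for the two pieces of configuration described above, as an added example that is not part of the original post and not Cisco tooling: it confirms that every `nat dynamic` reference has a `nat-pool` with the same id on the same VLAN interface, and that the pool's addresses and netmask sit in the right positions. The names PROXY and PROXY-VIP and both sample configs are constructed for illustration.

```python
import ipaddress
import re

NAT_DYNAMIC = re.compile(r"nat dynamic (\d+) vlan (\d+)$")
NAT_POOL = re.compile(r"nat-pool (\d+) (\S+) (\S+) netmask (\S+)( pat)?$")
VLAN_CTX = re.compile(r"(?:interface )?vlan (\d+)$")

# Constructed sample configs; PROXY and PROXY-VIP are hypothetical names.
GOOD = """
policy-map multi-match PROXY
  class PROXY-VIP
    nat dynamic 1 vlan 100
interface vlan 100
  nat-pool 1 10.10.10.1 10.10.10.1 netmask 255.255.255.0 pat
"""
# Pool id does not match the policy, and the mask sits in the address slots.
BAD = GOOD.replace("dynamic 1", "dynamic 2").replace(
    "10.10.10.1 10.10.10.1 netmask 255.255.255.0",
    "255.255.255.0 255.255.255.0 netmask 10.10.10.1")

def check_nat(config):
    """Return a list of findings for an ACE-style NAT config excerpt."""
    refs, pools, findings, vlan = [], {}, [], None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := VLAN_CTX.match(line):
            vlan = int(m.group(1))  # entering a VLAN interface block
        elif m := NAT_DYNAMIC.match(line):
            refs.append((int(m.group(1)), int(m.group(2))))
        elif m := NAT_POOL.match(line):
            pools[(int(m.group(1)), vlan)] = m.groups()[1:]
        elif raw and not raw[0].isspace():
            vlan = None  # any other top-level line ends the VLAN block
    for (pool_id, vlan), (start, end, mask, pat) in pools.items():
        where = f"pool {pool_id} vlan {vlan}"
        try:
            net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
            lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        except ValueError:
            findings.append(f"{where}: bad address or netmask")
            continue
        if lo > hi or hi not in net:
            findings.append(f"{where}: range not inside {net}")
        if lo == hi and not pat:
            findings.append(f"{where}: single address without pat")
    for pool_id, vlan in refs:
        if (pool_id, vlan) not in pools:
            findings.append(f"nat dynamic {pool_id} vlan {vlan}: no matching nat-pool")
    return findings
```

Running `check_nat` over a saved copy of the running configuration before applying it catches a pool id or VLAN mismatch, which would otherwise leave client addresses untranslated on the server side.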

2 Replies

ulrich

once again, many thanks for your patience and contribution

i'll apply the config tomorrow to check how it goes

many thanks
