07-06-2010 02:10 PM
folks
I'm trying to set up a 4710 with a client, server and management interface
I can see traffic passing through the appliance to my proxy where I'm capturing traffic, but I want to use the server interface as the source IP and therefore NAT the original client's IP
I'm new to this box so I'm not sure how to do this
Can anyone give me an indication of how to do this?
thanks to anyone taking the time to read this or to reply
07-06-2010 02:59 PM
Hi,
First, add the following to your multimatch-policy that currently handles proxy traffic:
policy-map multimatch something
  class something
    nat dynamic 1 vlan xxx
1 represents the pat-pool. You can use any number between 1 and 2147483647
xxx represents the vlan-id of your egress vlan interface (proxyserver vlan, e.g. 100)
Then, add the following to your egress vlan-interface:
vlan xxx
  nat-pool 1 x.x.x.x x.x.x.x netmask y.y.y.y pat
Again, 1 corresponds to the nat-pool configured in your multimatch policy
y.y.y.y represents the desired address to which you want to nat your client addresses
x.x.x.x represents the netmask, remember to use the netmask assigned to that subnet
pat simply applies many-to-one translation, rather than using one-to-one.
Example:
--------------
vlan 100
  nat-pool 1 10.10.10.1 10.10.10.1 netmask 255.255.255.0 pat
10.10.10.1 in this case corresponds to the interface-address. Or you could assign a unique address/address range to represent your PAT-sessions.
hth
/Ulrich
07-06-2010 03:27 PM
ulrich
once again, many thanks for your patience and contribution
I'll apply the config tomorrow to check how it goes
many thanks