Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Outgoing NAT to server interface IP

folks

i'm trying to setup a 4710 with a client, server and management interface

i can see traffic passing through the appliance to my proxy where i'm capturing traffic but i want to use the server interface as the source IP and therefore NAT the original client's IP

i'm new to this box so i'm not sure how to do this

can anyone give me an indication of how to do this?

thanks to anyone taking the time to read this or to reply

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: Outgoing NAT to server interface IP

Hi,

First, add the following to your multimatch-policy that currently handles proxy traffic:

policy-map multimatch something

class something

   nat dynamic 1 vlan xxx

1 represents the pat-pool. You can use any number between 1 and 2147483647

xxx represents the vlan-id of your egress vlan interface (proxyserver vlan, e.g 100)

Then, add the following to your egress vlan-interface:

vlan xxx

  nat-pool 1 x.x.x.x x.x.x.x netmask y.y.y.y pat

Again, 1 corresponds to the nat-pool configured in your multimatch policy

y.y.y.y represents the desired address to which you want to nat your clientaddresses

x.x.x.x represents the netmask, remember to use the netmask assigned to that subnet

pat simply applies many-to-one translation, rather than using one-to-one.

Example:

--------------

vlan 100

  nat-pool 1 10.10.10.1 10.10.10.1 netmask 255.255.255.0 pat

10.10.10.1 in this case corresponds to the interface-address. Or you could assign a unique address/address range to represents your PAT-sessions.

hth

/Ulrich

2 REPLIES
Bronze

Re: Outgoing NAT to server interface IP

Hi,

First, add the following to your multimatch-policy that currently handles proxy traffic:

policy-map multimatch something

class something

   nat dynamic 1 vlan xxx

1 represents the pat-pool. You can use any number between 1 and 2147483647

xxx represents the vlan-id of your egress vlan interface (proxyserver vlan, e.g 100)

Then, add the following to your egress vlan-interface:

vlan xxx

  nat-pool 1 x.x.x.x x.x.x.x netmask y.y.y.y pat

Again, 1 corresponds to the nat-pool configured in your multimatch policy

y.y.y.y represents the desired address to which you want to nat your clientaddresses

x.x.x.x represents the netmask, remember to use the netmask assigned to that subnet

pat simply applies many-to-one translation, rather than using one-to-one.

Example:

--------------

vlan 100

  nat-pool 1 10.10.10.1 10.10.10.1 netmask 255.255.255.0 pat

10.10.10.1 in this case corresponds to the interface-address. Or you could assign a unique address/address range to represents your PAT-sessions.

hth

/Ulrich

Community Member

Re: Outgoing NAT to server interface IP

ulrich

once again, many thanks for your patience and contribution

i'll apply the config tomorrow to checkhow it goes

many thanks

317
Views
0
Helpful
2
Replies
CreatePlease to create content