06-18-2013 11:29 AM
Hello,
I have a little config issue...
I have an ACE4710 loadbalancer, the load balancer have a public ip address on its uplink interface, and private address on its downlink interface.
There is a server connected to the downlink interface, and this server wants to set up a connection to the Internet, so the ACE should perform a NAT.
Somewhere I made a mistake or misunderstood something:
so first of all I created an access-list matched to the server ip address space:
access-list NAT_ACCESS line 10 extended permit ip <server ip address> any
then created a class-map matching to this ACL:
class-map match-any NAT_CLASS
match access-list NAT_ACCESS
then created a policy-map, containing which vlan the nat will occur:
policy-map multi-match NAT_POLICY
class NAT_CLASS
nat dynamic 1 vlan 100
After this I defined the nat pool on interface Vlan100
interface vlan 100
<uplink interface, connected to Internet>
ip address <public address>/<mask>
nat-pool 1 <public address_1> netmask <mask> pat
no shutdown
Finally assigned the policy-map to the downlink interface:
interface vlan 150
<Downlink interface, connected to servers>
ip address <privát cím>
service-policy input NAT_POLICY
no shut
This config didn't do any NAT, so where did I make the mistake?
BR, Attila
06-18-2013 04:51 PM
Hello Attila-
You actually want static nat. It is a 1:1 nat in and out. Remove everything and try this:
class-map match-any NAT_CLASS
2 match source-address
policy-map multi-match NAT_POLICY
class NAT_CLASS
nat staticnetmask 255.255.255.255 vlan 100
interface vlan 150
ip address
service-policy input NAT_POLICY
no shut
Regards,
Chris Higgins
06-19-2013 05:59 AM
Later there will be more servers...
So I missed an interface acl on downlink interface:
access-list everyone extended permit ip any any
access-list everyone extended permit icmp any any
interface Vlan150
access-group input everyone
And it is working as expected.
BR, Attila
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide