Cisco 4700M Configuration Manual page 337

Chapter 5 Configuring Network Address Translation
Table 5-1
Task and Command Example
6.
7.
8.
9.
10.
11.
12.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
Dynamic NAT and PAT Configuration Quick Start (continued)
Configure a class map and define a match statement for the ACL that you
configured in Step 3 for the client source address.
host1/C1(config)# class-map match-any NAT_CLASS
host1/C1(config-cmap)# match access-list NAT_ACCESS
host1/C1(config-cmap)# exit
Configure a policy map and associate the class map with the policy map.
host1/C1(config)# policy-map multi-match NAT_POLICY
host1/C1(config-pmap)# class NAT_CLASS
host1/C1(config-pmap-c)#
Configure dynamic NAT as a policy-map action.
host1/C1(config-pmap-c)# nat dynamic 1 vlan 200
host1/C1(config-pmap-c)# exit
host1/C1(config-pmap)# exit
Activate the policy on the client interface using a service policy. If you are
operating the ACE in one-arm mode, configure the service-policy
command on the interface specified in Step 10.
host1/C1(config)# interface vlan 100
host1/C1(config-if)# service-policy input NAT_POLICY
host1/C1(config-if)# ctrl-z
Configure the NAT pool on the server interface. To configure dynamic PAT,
include the pat keyword in the nat-pool command.
host1/C1(config)# interface vlan 200
host1/C1(config-if)# nat-pool 1 172.27.16.10 172.27.16.41 netmask
255.255.255.0 pat
host1/C1(config-if)# Ctrl-Z
(Optional) Save your configuration changes to flash memory.
host1/Admin# copy running-config startup-config
Display and verify your dynamic NAT and PAT configuration.
host1/C1# show running-config class-map
host1/C1# show running-config policy-map
host1/C1# show running-config service-policy
Configuring Dynamic NAT and PAT
5-11