Service Policy; Applying The Dynamic Nat And Pat Policy Map To An Interface Using A Service Policy - Cisco 4700M Configuration Manual

Configuring Dynamic NAT and PAT
Note
Applying the Dynamic NAT and PAT Policy Map to an Interface
Using a Service Policy
Note
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
5-18
vlan number—Specifies the server interface for the global IP address. This
•
interface must be different from the interface that the ACE uses to filter and
receive traffic that requires NAT, unless the network design operates in
one-arm mode. In that case, the VLAN number is the same.
If a packet egresses an interface that you have not configured for NAT, the ACE
transmits the packet untranslated.
The following example specifies the nat command as an action for a dynamic
NAT Layer 3 and Layer 4 policy map:
host1/C1(config)# policy-map multi-action NAT_POLICY
host1/C1(config-pmap)# class NAT_CLASS
host1/C1(config-pmap-c)# nat dynamic 1 vlan 200
To remove a dynamic NAT action from a policy map, enter:
host1/C1(config-pmap-c)# no nat dynamic 1 vlan 200
Activate the dynamic NAT and PAT policy map and associate it with an interface
by using the service-policy command in interface configuration mode. For details
about the service-policy command, see the Cisco 4700 Series Application Control
Engine Appliance Administration Guide.
You can configure dynamic NAT as an input service policy only, not as an output
service policy. You cannot apply the same NAT policy both locally and globally.
The syntax of this command is as follows:
service-policy input policy_name
The keywords and arguments are as follows:
input—Specifies that the traffic policy is to be attached to the input direction
•
of a VLAN interface. The traffic policy evaluates all traffic received by that
interface.
Chapter 5 Configuring Network Address Translation
OL-16202-01