Configuring Server Farm-Based Dynamic NAT
Configuring an ACL for Server Farm-Based Dynamic NAT
Configuring Interfaces for Server Farm-Based Dynamic NAT
Creating a Global IP Address Pool for Dynamic NAT
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
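Configuring an ACL for Server Farm-Based Dynamic NAT
Use an access control list (ACL) to permit the traffic that requires NAT. For details
about configuring an ACL, see Chapter 1, Configuring Security Access Control
Lists.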
To configure an ACL for dynamic NAT, use the access-list command in
configuration mode. The syntax of this command is as follows:
access-list name [line number] extended {deny | permit}
{protocol} {src_ip_address netmask | any | host src_ip_address}
[operator port1 [port2]] {dest_ip_address netmask | any | host
dest_ip_address} [operator port3 [port4]]
For example, enter:
host1/C1(config)# access-list NAT_ACCESS extended permit tcp
192.168.12.0 255.255.255.0 172.27.16.0 255.255.255.0 eq 80
To delete the ACL from the configuration, enter:
host1/C1(config)# no access-list NAT_ACCESS
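The following Python sketch is an added example, not part of the Cisco guide. It parses entries written in the access-list syntax shown above and reports which flows the ACL would select for NAT, so the scope of a permit entry can be checked before it is applied. The first-match evaluation with an implicit deny, the operator keywords (eq, neq, lt, gt, range), and the deny entry are assumptions based on standard Cisco ACL usage; the function names are hypothetical.

```python
import ipaddress

OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> port argument count

def _addr(tok):
    """Consume 'any', 'host ip' or 'ip netmask'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def _ports(tok):  # consume an optional 'operator port1 [port2]' clause
    if tok and tok[0] in OPS:
        n = OPS[tok[0]]
        return (tok[0], [int(p) for p in tok[1:1 + n]]), tok[1 + n:]
    return None, tok

def parse_entry(line):
    tok = line.split()
    i = tok.index("extended")  # skips the optional 'line number'
    entry = {"name": tok[1], "action": tok[i + 1], "proto": tok[i + 2]}
    entry["src"], rest = _addr(tok[i + 3:])
    entry["sport"], rest = _ports(rest)
    entry["dst"], rest = _addr(rest)
    entry["dport"], rest = _ports(rest)
    return entry

def _port_ok(clause, port):
    if clause is None:  # no port clause: any port matches
        return True
    op, a = clause
    return {"eq": port == a[0], "neq": port != a[0], "lt": port < a[0],
            "gt": port > a[0], "range": a[0] <= port <= a[-1]}[op]

def selected_for_nat(acl, proto, src, sport, dst, dport):
    """Assumption: first matching entry decides; no match means implicit deny."""
    for e in acl:
        if (e["proto"] in (proto, "ip")
                and ipaddress.ip_address(src) in e["src"]
                and ipaddress.ip_address(dst) in e["dst"]
                and _port_ok(e["sport"], sport) and _port_ok(e["dport"], dport)):
            return e["action"] == "permit"
    return False

NAT_ACCESS = [parse_entry(line) for line in (
    "access-list NAT_ACCESS line 5 extended deny tcp host 192.168.12.10 any",  # constructed
    "access-list NAT_ACCESS extended permit tcp 192.168.12.0 255.255.255.0 "
    "172.27.16.0 255.255.255.0 eq 80",  # the guide's example, joined onto one line
)]
```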
Configuring Interfaces for Server Farm-Based Dynamic NAT
Configure an interface for clients and an interface for the real servers. If you are
operating the ACE in one-arm mode, omit the client interface. For details about
configuring interfaces, see the Cisco 4700 Series Application Control Engine
Appliance Routing and Bridging Configuration Guide.
Creating a Global IP Address Pool for Dynamic NAT
Dynamic NAT uses a pool of global IP addresses that you specify. You can define
a range of global IP addresses when using dynamic NAT. To use a range of
addresses, you assign an identifier to the address pool. You then associate the NAT
pool with the server VLAN interface.
Note: If a packet egresses an interface that you have not configured for NAT, the ACE
transmits the packet untranslated.
Chapter 5
Configuring Network Address Translation
OL-16202-01