Configuring Server Farm-Based Dynamic Nat As A Layer 7 Policy Action - Cisco 4700M Configuration Manual

Configuring Server Farm-Based Dynamic NAT
Configuring Server Farm-Based Dynamic NAT as a Layer 7 Policy
Action
Note
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
5-28
Configure server farm-based dynamic NAT as an action in a Layer 7
load-balancing policy map by using the nat command in policy-map
load-balancing class configuration mode. Typically, you use dynamic NAT for
SNAT. Dynamic NAT allows you to identify local traffic for address translation
by specifying the source and destination addresses in an extended ACL, which is
referenced as part of the class map traffic classification. The ACE applies
dynamic NAT from the interface to which the traffic policy is attached (through
the service-policy interface configuration command) to the interface specified in
the nat dynamic command.
The syntax of this command is as follows:
nat dynamic pool_id vlan number serverfarm {primary | backup}
The keywords and arguments are as follows:
pool_id—Identifier of the NAT pool of global IP addresses. Enter an integer
•
from 1 to 2147483647.
If you configure more than one NAT pool with the same ID, the ACE
Note
uses the last-configured NAT pool first, and then the other NAT pools.
vlan number—Specifies the server interface for the global IP address. This
•
interface must be different from the interface that the ACE uses to filter and
receive traffic that requires NAT, unless the network design operates in
one-arm mode. In that case, the VLAN number is the same.
serverfarm—Specifies server farm-based dynamic NAT.
•
primary | backup—Specifies that the dynamic NAT applies to either the
•
primary server farm or the backup server farm.
If a packet egresses an interface that you have not configured for NAT, the ACE
transmits the packet untranslated.
Chapter 5 Configuring Network Address Translation
OL-16202-01