NAT Configuration Examples
Server Farm-Based Dynamic NAT (SNAT) Configuration Example
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide

access-list NAT_ACCESS line 10 extended permit tcp 192.168.12.0 255.255.255.0 172.27.16.0 255.255.255.0 eq http
class-map match-any NAT_CLASS
  match access-list NAT_ACCESS
policy-map multi-match NAT_POLICY
  class NAT_CLASS
    nat dynamic 1 vlan 200
interface vlan 100
  mtu 1500
  ip address 192.168.1.100 255.255.255.0
  service-policy input NAT_POLICY
  no shutdown
interface vlan 200
  mtu 1500
  ip address 172.27.16.2 255.255.255.0
  nat-pool 1 172.27.16.15 172.27.16.24 netmask 255.255.255.0 pat
  no shutdown

The following SNAT configuration example shows the commands that you use to
configure server farm-based dynamic NAT on your ACE. In this SNAT example,
real server addresses on the 172.27.16.0 network are translated to one of the IP
addresses in the NAT pool defined on VLAN 200 by the nat-pool command.
If you are operating the ACE in one-arm mode, omit interface VLAN 100 and
configure the service policy on interface VLAN 200.

access-list NAT_ACCESS line 10 extended permit tcp 192.168.12.0 255.255.255.0 172.27.16.0 255.255.255.0 eq http
rserver SERVER1
  ip address 172.27.16.3
  inservice
rserver SERVER2
  ip address 172.27.16.4
  inservice
serverfarm SFARM1
  rserver SERVER1
    inservice
  rserver SERVER2
    inservice
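
An offline consistency check for the NAT commands in these examples, added here and not taken from Cisco's guide: it confirms that each nat dynamic command references a nat-pool defined on the named VLAN and that no pool contains an interface or real server address. The function name check_nat and the trimmed sample are constructed for this example, and it parses only the command forms shown on this page.

```python
import ipaddress

# Constructed sample: NAT-relevant lines from the two configurations on this page.
SAMPLE = """\
policy-map multi-match NAT_POLICY
  class NAT_CLASS
    nat dynamic 1 vlan 200
interface vlan 200
  ip address 172.27.16.2 255.255.255.0
  nat-pool 1 172.27.16.15 172.27.16.24 netmask 255.255.255.0 pat
rserver SERVER1
  ip address 172.27.16.3
"""

def check_nat(config):
    """Return findings; an empty list means the NAT references are consistent."""
    pools, used, refs, vlan, owner = {}, {}, [], None, None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if not line[0].isspace():            # top-level command opens a new context
            vlan = w[2] if w[:2] == ["interface", "vlan"] else None
            owner = f"rserver {w[1]}" if w[0] == "rserver" else None
        elif w[:2] == ["nat", "dynamic"] and len(w) >= 5:   # nat dynamic <id> vlan <n>
            refs.append((w[2], w[4]))
        elif w[:2] == ["ip", "address"] and (vlan or owner):
            used[ipaddress.ip_address(w[2])] = owner or f"interface vlan {vlan}"
        elif w[0] == "nat-pool" and vlan and len(w) >= 4:   # nat-pool <id> <first> <last>
            pools[(w[1], vlan)] = (ipaddress.ip_address(w[2]), ipaddress.ip_address(w[3]))
    findings = []
    for ref in refs:
        if ref not in pools:
            findings.append(f"nat dynamic {ref[0]} vlan {ref[1]}: no such nat-pool")
    for (pid, v), (lo, hi) in pools.items():
        if lo > hi:
            findings.append(f"nat-pool {pid} vlan {v}: range is reversed")
        for addr, who in used.items():
            if lo <= addr <= hi:             # pool would hand out an address already in use
                findings.append(f"nat-pool {pid} vlan {v}: contains {addr} ({who})")
    return findings

if __name__ == "__main__":
    print(check_nat(SAMPLE) or "no findings")
```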
Chapter 5
Configuring Network Address Translation
OL-16202-01