Static Port Redirection (Dnat) Configuration Example - Cisco 4700M Configuration Manual

Chapter 5 Configuring Network Address Translation

Static Port Redirection (DNAT) Configuration Example

OL-16202-01
class-map type http loadbalance match-any L7_CLASS
match http content .*cisco.com
class-map match-any NAT_CLASS
match access-list NAT_ACCESS
policy-map type loadbalance http first-match L7_POLICY
class L7_CLASS
serverfarm SFARM1
nat dynamic 1 vlan 200 serverfarm primary
policy-map multi-match NAT_POLICY
class NAT_CLASS
loadbalance policy L7_POLICY
loadbalance vip inservice
interface vlan 100
mtu 1500
ip address 192.168.1.100 255.255.255.0
service-policy input NAT_POLICY
no shutdown
interface vlan 200
mtu 1500
ip address 172.27.16.2 255.255.255.0
nat-pool 1 172.27.16.15 172.27.16.24 netmask 255.255.255.0
no shutdown
The following DNAT configuration example shows those sections of the running
configuration related to the commands necessary to configure static port
redirection on your ACE. Typically, this configuration is used for DNAT, where
HTTP packets that are destined to 192.0.0.0/8 and ingressing the ACE on VLAN
101 are translated to 10.0.0.0/8 and port 8080. In this example, the servers are
hosting HTTP on custom port 8080.
access-list acl1 line 10 extended permit tcp 10.0.0.0 255.0.0.0
eq 8080 any
class-map match-any NAT_CLASS
match access-list acl1
policy-map multi-match NAT_POLICY
class NAT_CLASS
nat static 192.0.0.0 255.0.0.0 80 vlan 101
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
NAT Configuration Examples
5-47