How can I use a VS IP as a source NAT in WILDCARD VS
Hi, guys.
I've observed instances in various clients where an SLB VS is configured alongside NHLD. When an internal client accesses the Internet, the SNAT is typically a pool or auto-NAT, based on our configuration. However, there are scenarios where exceptions are necessary, and an internal client must use the SLB VS IP address. For example:
SLB VS:
  Name: test
  IP: 8.8.8.8
Wildcard VS:
  Client A:
    Internal IP: 172.16.200.20
    SNAT: Auto
  Client B:
    Internal IP: 172.16.200.30
    SNAT: 8.8.8.8
How can I achieve this? I'm trying to do it with an aFleX.
Comments
If I am understanding the question correctly, try associating access-list(s) with NAT pool(s) or group(s). Anything that doesn't match the access list will use auto.
access-list 123 8 permit ip host 172.16.200.30 any
ip nat pool xyz 8.8.8.8 8.8.8.8 netmask /24
port 80 http
  access-list 123 source-nat-pool xyz
  source-nat auto
  service-group sg-1
  sampling-enable all
Hi dquinn
The IP 8.8.8.8 is already used as an SLB virtual server; for example, let's say it has an HTTPS vport. In the wildcard virtual server (0.0.0.0), Client B (172.16.200.30) needs to use the IP 8.8.8.8 as SNAT, and Client A (172.16.200.20) will use SNAT auto.
The access-list source-nat solution proposed by dquinn should fulfill your requirement. The high-level approach would be:
Clients that match the ACL will receive the VS SNAT IP. Clients who miss the ACL will receive the SNAT auto IP.
Thanks, guys.
I did not know that we can use the VIP as pool nat, so I finally made it.