Snat in NHLD with alternate server
Hi
I have this scenario in a client´s infrastructure where they have 2 Internet links in active pasive mode
slb server LINK-1 20.20.20.1
alternate LINK-2
port 0 tcp
port 0 udp
slb server LINK-2 30.30.30.1
port 0 tcp
port 0 udp
---------------------------------------------------------------------------
slb service-group SG-INTERNET-TCP tcp 0
member link-1 0
slb service-group SG-INTERNET-UDP udp 0
member link-1 0
---------------------------------------------------------------------------
slb virtual-server WCARD-VIP 0.0.0.0
port 0 tcp
no-dest-nat
service-group SG-INTERNET-TCP
source-nat auto
aflex SNAT
port 0 others
no-dest-nat
service-group SG-INTERNET-TCP
source-nat auto
aflex SNAT
port 0 tcp
no-dest-nat
service-group SG-INTERNET-UDP
source-nat auto
aflex SNAT
---------------------------------------------------------------------------
aflex SNAT
when CLIENT_ACCEPTED {
if { [IP::addr [IP::local_addr] equals 192.168.1.100] } {
snatpool STATIC-1
}
---------------------------------------------------------------------------
ip nat pool STATIC-1 20.20.20.5 20.20.20.5 netmask /24
ip nat pool STATIC-2 30.30.30.5 30.30.30.5 netmask /24
When the user 192.168.1.100 starts a comunication to the Internet it will go over LINK-1 with the Public src IP 20.20.20.5 as expected but if LINK-1 fails it will continue using STATIC-1 pool nat
How can I configure the aflex to use STATIC-2 nat pool when LINK-1 is down?
Thanks for your help!
Comments
try replacing source-nat auto with a nat pool group. ACOS will apply correct member for outbound route.
ACOS(config)# ip nat pool-group outbound-nat-group
ACOS(config-pool-group:outbound-nat-gro)# member STATIC-1
ACOS(config-pool-group:outbound-nat-gro)# member STATIC-2
slb virtual-server WCARD-VIP 0.0.0.0
port 0 tcp
no-dest-nat
service-group SG-INTERNET-TCP
pool outbound-nat-groupACOS
Thanks, I will try it.