Source NAT pool and virtual ethernet address
rwilliams
Member ✭
Hi All,
Currently setting up some new 3030S devices which I have recently upgraded to 4.0.1.
We are setting up source NAT and the idea was to use the ve IP addresses for the associated vlan as the source NAT address in the pool.
I swear we had it setup like this in version 2.7.2P6. but since the upgrade it says we can not use the ve interface IP address as the source nat address in a pool.
Is there anyway of using the interface address as the source NAT now? Just trying to keep the number of IP addresses used down.
Thanks
Ryan
Currently setting up some new 3030S devices which I have recently upgraded to 4.0.1.
We are setting up source NAT and the idea was to use the ve IP addresses for the associated vlan as the source NAT address in the pool.
I swear we had it setup like this in version 2.7.2P6. but since the upgrade it says we can not use the ve interface IP address as the source nat address in a pool.
Is there anyway of using the interface address as the source NAT now? Just trying to keep the number of IP addresses used down.
Thanks
Ryan
0
Comments
Hi
Hi Ryan,
This should be possible with "Smart NAT" which will use the interface IP or VRRP Floating IP. Per admin guide:
Smart NAT provides source NAT for virtual ports. The IP addresses that Smart NAT uses to create the mappings depend on whether VRRP-A high availability is enabled and floating-IP addresses are configured:
• With VRRP-A high availability – If VRRP-A high availability is configured, Smart NAT uses configured floating IP addresses as NAT addresses.
• Without VRRP-A high availability – If VRRP-A high availability is not configured, then Smart NAT uses IP address(es) on the ACOS interface connected to the real server.
The configuration is applied to the VPORT with "source nat auto" command.
Mike
my configuration is as below, kindly let me know what i am missing.
!
access-list 111 permit ip 10.0.0.0 0.255.255.255 any
!
access-list 111 permit ip 192.168.0.0 0.0.255.255 any
!
interface ethernet 2
name "ISP 1"
enable
ip address 100.100.101.1 255.255.255.224
ip nat outside
exit-module
!
interface ethernet 3
name "ISP 2"
enable
ip address 100.100.102.1 255.255.255.224
ip nat outside
exit-module
!
interface ethernet 4
name "ISP 3"
enable
ip address 100.100.103.1 255.255.255.224
ip nat outside
exit-module
!
!
ip nat pool SNAT_ISP1 100.100.101.2 100.100.101.2 netmask /29 gateway 100.100.100.254
!
ip nat pool SNAT_ISP2 100.100.102.2 100.100.102.2 netmask /29 gateway 100.100.100.253
!
ip nat pool SNAT_ISP3 100.100.103.2 100.100.103.2 netmask /29 gateway 100.100.100.252
!
ip nat pool-group LLB2
member SNAT_ISP1 SNAT_ISP2 SNAT_ISP3
exit-module
!
slb virtual-server INTERNET 0.0.0.0 acl 111
extended-stats
port 0 tcp
clientip-sticky-nat
source-nat pool LLB2
service-group IPV4_0
use-rcv-hop-for-resp
template persist destination-ip dstpersist
no-dest-nat
exit-module
port 0 udp
clientip-sticky-nat
source-nat pool LLB2
service-group IPV4_1
use-rcv-hop-for-resp
template persist destination-ip dstpersist
no-dest-nat
exit-module
port 0 others
clientip-sticky-nat
source-nat pool LLB2
service-group IPV4_0
use-rcv-hop-for-resp
template persist destination-ip dstpersist
no-dest-nat
exit-module
exit-module
in the CLI when i ping 8.8.8.8 using source interface ethernet 2,3 and 4 i can ping 8.8.8.8
but when i use source snap ip
ping source 100.100.101.2 8.8.8.8 (no response)
ping source 100.100.102.2 8.8.8.8 (no response)
ping source 100.100.103.2 8.8.8.8 (no response)
Thanks,