Hi, guys.
I’ve observed instances in various clients where an SLB VS is configured alongside NHLD. When an internal client accesses the Internet, the SNAT is typically a pool or auto-NAT, based on our configuration. However, there are scenarios where exceptions are necessary, and an internal client must use the SLB VS IP address. For example:
SLB VS:
Name: test
IP: 8.8.8.8
Wildcard VS:
Client A:
Internal IP: 172.16.200.20
SNAT: Auto
Client B:
Internal IP: 172.16.200.30
SNAT: 8.8.8.8
How can I achieve this? I’m trying to do it with an Aflex."
If I am understanding the question correctly
Try associating access-list(s) with nat pool(s) or group(s). Anything that doesn’t match access list will use auto
access-list 123 8 permit ip host 172.16.200.30 any
ip nat pool xyz 8.8.8.8 8.8.8.8 netmask /24
port 80 http
access-list 123 source-nat-pool xyz
source-nat auto
service-group sg-1
sampling-enable all
Hi dquinn
The ip 8.8.8.8 is already used as slb virtual server for example let’s say it has a https vport and in wildcard virtual server (0.0.0.0) client B (172.16.200.30) needs to use the ip 8.8.8.8 as snat and Client A (172.16.200.20) will use snat auto
- The access-list source-nat solution proposed by dquinn should fulfill your requirement. The high-level approach would be:
configure the access-list to match your internal clients that need VS SNAT IP (client B, etc) - configure the source-nat pool with IP address matching your VS IP (8.8.8.8)
- configure the access-list source-nat under your Wildcard VIP’s port 0 virtual ports.
Clients that match the ACL will receive VS SNAT IP. Clients who miss the ACL will receive SNAT auto IP.
Thanks Guys
I did not know that we can use the VIP as pool nat so I finally made it