Server Farm-Based Dynamic Nat; Static Nat - Cisco 4700M Configuration Manual

Application control engine appliance security

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide

Network Address Translation Overview

Server Farm-Based Dynamic NAT

In addition to the interface-level dynamic NAT, the ACE supports dynamic NAT
at the server farm level. Server farm-based dynamic NAT, which is also used for
SNAT, is useful in situations where you want to perform NAT on only the IP
addresses of the real servers in the primary and/or the backup server farm. Like
interface-based dynamic NAT, server farm-based dynamic NAT uses a pool of IP
addresses to translate a source address. Unlike interface-based NAT, server
farm-based NAT translates the primary server farm IP addresses, the backup
server farm IP addresses, or both.
Use this feature in the following cases:

• The ACE is configured in one-arm mode, that is, there is only one VLAN
  between the ACE and the Cisco Systems 6500 and 7600 Series Catalyst
  MSFC that is used for both client and server traffic. Both the primary and
  backup server farms are in the internal customer network (reachable from the
  same VLAN or from different VLANs), the primary server farm is
  Layer 2-attached, and the backup server farm is several Layer 3 hops away.
  In this case, perform NAT only for the backup server farm and never for the
  primary server farm.
• The ACE is configured in one-arm mode, the primary server farm is local, and
  the backup server farm is remote and reachable from the public, external
  network. In this case, use a private pool of IP addresses for SNAT of the
  primary server farm and a public, externally routable set of IP addresses for
  the backup server farm.
• You want to perform source NAT based on a Layer 7 rule or the selected
  server farm.

For details about configuring server farm-based dynamic NAT, see the
"Configuring Server Farm-Based Dynamic NAT" section.

Static NAT

Static NAT, which is typically used for Destination NAT (DNAT), translates each
local address to a fixed global address. With dynamic NAT and PAT, each host
uses a different address or port after the translation times out. Because the global
address is the same for each consecutive connection with static NAT, and a
persistent translation rule exists, static NAT allows hosts on the global network to
initiate traffic to a local host (if there is an ACL that allows it).

Chapter 5: Configuring Network Address Translation
OL-16202-01
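
The contrast drawn in the Static NAT paragraph above can be seen in a small model of translation state. This is an added example, not code from the Cisco guide or the ACE: the class, its method names, and the single-address pool are hypothetical, and the addresses are constructed (RFC 1918 and RFC 5737 ranges).

```python
class NatTable:
    """Toy model of NAT translation state; names are illustrative, not ACE internals."""

    def __init__(self, pool, timeout, static=None, acl_permit=()):
        self.free = list(pool)              # unused global addresses in the dynamic pool
        self.timeout = timeout              # idle seconds before a dynamic translation expires
        self.static = dict(static or {})    # local -> fixed global; persistent rule
        self.acl_permit = set(acl_permit)   # global addresses an ACL permits inbound
        self.dynamic = {}                   # local -> (global, time last used)

    def _expire(self, now):
        for local, (glob, last) in list(self.dynamic.items()):
            if now - last >= self.timeout:
                del self.dynamic[local]
                self.free.append(glob)      # address goes back to the pool

    def outbound(self, local, now):
        """Global source address for a connection opened by `local` at time `now`."""
        if local in self.static:
            return self.static[local]
        self._expire(now)
        if local in self.dynamic:
            glob = self.dynamic[local][0]
        elif self.free:
            glob = self.free.pop(0)
        else:
            raise RuntimeError("dynamic NAT pool exhausted")
        self.dynamic[local] = (glob, now)
        return glob

    def inbound(self, glob, now):
        """Local host reached by a new connection to `glob`, or None if dropped."""
        if glob not in self.acl_permit:
            return None                     # no ACL entry allows the traffic
        self._expire(now)
        owners = {g: l for l, (g, _) in self.dynamic.items()}  # valid only until timeout
        owners.update({g: l for l, g in self.static.items()})  # never expires
        return owners.get(glob)


def demo():
    # Constructed addresses: RFC 1918 local side, RFC 5737 documentation range as global.
    nat = NatTable(["192.0.2.10"], 60, static={"10.1.1.5": "192.0.2.50"},
                   acl_permit={"192.0.2.10", "192.0.2.50"})
    nat.outbound("10.1.1.20", now=0)     # takes the only pool address
    nat.outbound("10.1.1.21", now=100)   # .20 has timed out; .21 reuses that address
    return (nat.inbound("192.0.2.10", now=100),     # reaches .21, not .20
            nat.inbound("192.0.2.50", now=10_000))  # static: always 10.1.1.5
```

In the model, the pool address ends up pointing at a different local host once the first translation times out, while the static global address resolves to the same host at any time, and only when the ACL set permits it.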