Cisco 4700M Configuration Manual page 340

Application control engine appliance security

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide (OL-16202-01), Chapter 5: Configuring Network Address Translation, page 5-14

Configuring Dynamic NAT and PAT

• pat—(Optional) Specifies that the ACE perform Port Address Translation (PAT) in addition to NAT.

If the ACE runs out of IP addresses in a NAT pool, it can switch over to a PAT rule, if configured. For example, you can configure the following:
host1/Admin(config-if)# nat-pool 1 10.1.100.10 10.1.100.99 netmask 255.255.255.255
host1/Admin(config-if)# nat-pool 1 10.1.100.100 10.1.100.100 netmask 255.255.255.255 pat

If your network configuration has the following conditions, you should configure multiple PAT pools with a single IP address in each pool:
• Traffic coming from the same source IP address
• Source ports varying from 1 to 64000
• The same destination port going to different destination addresses
• All ports in one PAT pool are used

So instead of configuring:
host1/Admin(config-if)# nat-pool 1 3.3.3.3 3.3.3.5 netmask 255.255.255.255 pat
configure:
host1/Admin(config-if)# nat-pool 1 192.161.12.3 netmask 255.255.255.255 pat
host1/Admin(config-if)# nat-pool 1 192.161.12.4 netmask 255.255.255.255 pat
host1/Admin(config-if)# nat-pool 1 192.161.12.5 netmask 255.255.255.255 pat

To configure a NAT pool consisting of a range of 32 (the maximum number of IP addresses per PAT pool) global IP addresses with PAT, enter:
host1/C1(config)# interface vlan 200
host1/C1(config-if)# nat-pool 1 172.27.16.10 172.27.16.41 netmask 255.255.255.255 pat

Note: Before you can remove a NAT pool from an interface, you must remove the service policy and the policy map associated with the NAT pool.
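The pool rules on this page can be checked mechanically when reviewing a saved configuration. The following is an added example, not part of the Cisco guide: a small auditor that flags PAT pools larger than the 32-address maximum, multi-address PAT pools that should be reviewed against the port-exhaustion conditions listed above, and pool ids that have no PAT entry to fall back on. The function names, the finding wording and the sample configuration (pool 3 in particular) are assumptions made for illustration; the nat-pool syntax is taken from the commands shown on this page.

```python
import ipaddress
import re

MAX_PAT_POOL_ADDRS = 32  # the guide's stated maximum of IP addresses per PAT pool

# nat-pool form as shown on this page: id, first IP, optional last IP, netmask, optional pat
NAT_POOL_RE = re.compile(
    r"nat-pool\s+(?P<id>\d+)\s+(?P<first>\S+)(?:\s+(?P<last>\S+))?"
    r"\s+netmask\s+(?P<mask>\S+)(?P<pat>\s+pat)?\s*$"
)

# Constructed sample input; pool 3 is invented to trigger the size check.
SAMPLE = """\
interface vlan 200
  nat-pool 1 172.27.16.10 172.27.16.41 netmask 255.255.255.255 pat
  nat-pool 2 10.1.100.10 10.1.100.99 netmask 255.255.255.255
  nat-pool 3 172.27.17.1 172.27.17.40 netmask 255.255.255.255 pat
  nat-pool 4 192.161.12.3 netmask 255.255.255.255 pat
"""

def parse_nat_pools(config_text):
    """Return one dict per nat-pool line, with the number of addresses it covers."""
    pools = []
    for line in config_text.splitlines():
        m = NAT_POOL_RE.search(line.strip())
        if not m:
            continue
        first = ipaddress.IPv4Address(m["first"])
        last = ipaddress.IPv4Address(m["last"] or m["first"])
        pools.append({"id": int(m["id"]), "range": f"{first}-{last}",
                      "count": int(last) - int(first) + 1, "pat": bool(m["pat"])})
    return pools

def audit(config_text):
    """Return findings: oversized PAT pools, multi-address PAT pools, ids with no PAT."""
    pools = parse_nat_pools(config_text)
    findings = []
    for p in pools:
        where = f"pool {p['id']} ({p['range']})"
        if p["count"] < 1:
            findings.append(f"{where}: last address precedes first address")
        elif p["pat"] and p["count"] > MAX_PAT_POOL_ADDRS:
            findings.append(f"{where}: {p['count']} addresses exceeds the PAT maximum")
        elif p["pat"] and p["count"] > 1:
            findings.append(f"{where}: multi-address PAT pool, review for port exhaustion")
    for pool_id in sorted({p["id"] for p in pools}):
        if not any(p["pat"] for p in pools if p["id"] == pool_id):
            findings.append(f"pool {pool_id}: no PAT entry to fall back on")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The multi-address finding is informational: it only matters when the traffic matches the conditions listed above, in which case the single-IP PAT pools shown on this page are the remedy.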
