Cisco 4700M Configuration Manual page 351

Chapter 5 Configuring Network Address Translation
To create a pool of IP addresses for dynamic NAT, use the nat-pool command in
interface configuration mode. The syntax of this command is as follows:
The keywords, arguments, and options are as follows:
•
•
•
•
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
nat-pool pool_id ip_address1 ip_address2 netmask mask
pool_id—Identifier of the NAT pool of global IP addresses. Enter an integer
from 1 to 2147483647.
If you configure more than one NAT pool with the same ID, the ACE
Note
uses the last-configured NAT pool first, and then the other NAT pools.
ip_address1—Single IP address, or if also using the ip_address2 argument,
the first IP address in a range of global addresses used for NAT. Enter an IP
address in dotted-decimal notation (for example, 172.27.16.10).
ip_address2—Highest IP address in a range of global IP addresses used for
NAT. Enter an IP address in dotted-decimal notation (for example,
172.27.16.26). You can configure a maximum of 64 K addresses in a NAT
pool.
You cannot configure an IP address range across subnets. For example, the
following command is not allowed and will generate an Invalid IP address
error: nat-pool 2 10.0.6.1 10.0.7.20 netmask 255.255.255.0.
The ACE allows you to configure a virtual IP (VIP) address in the
Note
NAT pool for dynamic NAT. This action is useful when you want to
source NAT real server originated connections (bound to the client)
using the VIP address. This feature is specifically useful when there
are a limited number of real world IP addresses on the client-side
network.
netmask mask—Specifies the subnet mask for the IP address pool. Enter a
mask in dotted-decimal notation (for example, 255.255.255.255). A network
mask of 255.255.255.255 instructs the ACE to use all the IP addresses in the
specified range.
Configuring Server Farm-Based Dynamic NAT
5-25