Can I create ip nat outside on Aruba controllers?
This article is applicable on controllers running 126.96.36.199 OS.
Requirement: Customers are looking for NAT Outside support where multiple internal networks traffic needs to be NAT’ed.
AOS currently supports “ip nat inside” feature where traffic gets NAT’d with the desired IP address of the VLAN interface as the source address. While this feature makes sense for traffic going out of uplink VLAN interface, for traffic which needs local routing, this causes unnecessary address translation. All the non-public inter-VLAN communication gets unnecessary address translation.
This feature solves this issue by having only outbound traffic to get nat’d while the locally routed traffic shall be sent without any address translation. This feature shall be applied on all public facing egress VLAN interfaces. When applied, all the outbound traffic shall get nat’d with the IP address of the VLAN interface as the source address. All the non-public inter-VLAN communication which is routed locally shall remain unaffected.
ip address 188.8.131.52 255.255.255.0
ip nat outside
(C1) #show interface vlan 200
VLAN200 is up line protocol is up
MTU 1500 bytes
IP NAT Outside is enabled on this interface
Last clearing of "show interface" counters 0 day 21 hr 47 min 4 sec
link status last changed 0 day 21 hr 44 min 53 sec
Proxy Arp is disabled for the Interface
Auto Operstate up is enabled for this Interface
Tunnels Configured on this Interface:
#show datapath session (command will help getting stats for session traffic).