====== A10 NAT ======
* A10 outgoing NAT can be handled in two ways: L3-mode NAT, and NAT built on the Layer 4 (SLB) concept
===== Wildcard outgoing NAT =====
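* Outgoing NAT based on the Layer 4 concept
- Put the client-side interface into promiscuous (listening) mode with allow-promiscuous-vip
- Create the NAT IP that outgoing traffic will be translated to (it must not be an interface IP)
- Treat the gateway as an SLB server and create a real server for it
- Create separate service groups for the gateway (one for TCP, one for UDP) and add the gateway's real server as a member of each
- Use a wildcard VIP to send the traffic to the gateway, but with no-dest-nat (the destination IP is not changed; only the destination MAC is rewritten to the gateway MAC)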
* Gateway IP: 10.2.2.254/24
* Source IP: 10.1.1.0/24
* NAT IP: 10.2.2.100
* Source vlan: 10
<code>
interface ve 10
  ip allow-promiscuous-vip
!
ip nat pool SNAT_IP 10.2.2.100 10.2.2.100 netmask /24
!
slb server GW_IP 10.2.2.254
  port 0 tcp
    no health-check
  port 0 udp
    no health-check
!
slb service-group GW_TCP tcp
  member GW_IP:0
!
slb service-group GW_UDP udp
  member GW_IP:0
!
slb virtual-server _wildcard_vserver 0.0.0.0
  port 0 tcp
    source-nat pool SNAT_IP
    service-group GW_TCP
    no-dest-nat
  port 0 udp
    source-nat pool SNAT_IP
    service-group GW_UDP
    no-dest-nat
  port 0 others
    source-nat pool SNAT_IP
    service-group GW_TCP
    no-dest-nat
  port 21 ftp
    source-nat pool SNAT_IP
    service-group GW_TCP
    no-dest-nat
</code>
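The steps above only work if every vport on the wildcard VIP carries all three settings (source-nat pool, service-group, no-dest-nat) and the names it references exist. The following is an added example, not part of the original page or any A10 tool: a small Python check for exactly that, where ''lint_wildcard_nat'' and ''SAMPLE'' are hypothetical names and the parser assumes the command keywords shown on this page (it does not rely on indentation).

```python
import re

# Constructed sample: this page's wildcard config with two deliberate mistakes
# (the UDP vport references an undefined pool and lacks no-dest-nat).
SAMPLE = """\
ip nat pool SNAT_IP 10.2.2.100 10.2.2.100 netmask /24
slb service-group GW_TCP tcp
slb service-group GW_UDP udp
slb virtual-server _wildcard_vserver 0.0.0.0
port 0 tcp
source-nat pool SNAT_IP
service-group GW_TCP
no-dest-nat
port 0 udp
source-nat pool SNAT_TYPO
service-group GW_UDP
"""

TOP_LEVEL = re.compile(r"^(slb|ip|interface|access-list)\s")

def lint_wildcard_nat(config):
    """Return findings for vports of wildcard (0.0.0.0) virtual servers."""
    pools, groups, vports, in_wildcard = set(), set(), [], False
    for line in (l.strip() for l in config.splitlines()):
        if TOP_LEVEL.match(line):  # a new top-level command ends the previous section
            in_wildcard = bool(re.match(r"slb virtual-server \S+ 0\.0\.0\.0$", line))
            if m := re.match(r"ip nat pool (\S+)", line):
                pools.add(m.group(1))
            elif m := re.match(r"slb service-group (\S+)", line):
                groups.add(m.group(1))
        elif in_wildcard and line.startswith("port "):
            vports.append({"name": line, "pool": None, "group": None, "ndn": False})
        elif in_wildcard and vports:
            vp = vports[-1]
            if m := re.match(r"source-nat pool (\S+)", line):
                vp["pool"] = m.group(1)
            elif m := re.match(r"service-group (\S+)", line):
                vp["group"] = m.group(1)
            elif line == "no-dest-nat":
                vp["ndn"] = True
    findings = []
    for vp in vports:
        if vp["pool"] not in pools:
            findings.append(f"{vp['name']}: source-nat pool {vp['pool']} not defined")
        if vp["group"] not in groups:
            findings.append(f"{vp['name']}: service-group {vp['group']} not defined")
        if not vp["ndn"]:
            findings.append(f"{vp['name']}: missing no-dest-nat")
    return findings
```

A vport that is missing no-dest-nat would have its destination address rewritten to the gateway's address, and one without a valid source-nat pool would leave the client source address untranslated, so both are worth catching before the configuration is applied.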
===== L3 mode NAT =====
* Gateway IP: 10.2.2.254/24
* Source IP: 10.1.1.0/24
* NAT IP: 10.2.2.100
* Source vlan: 10
* Gateway vlan: 20
<code>
interface ve 20
  ip nat outside
interface ve 10
  ip nat inside
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
!
ip nat pool SNAT_IP 10.2.2.100 10.2.2.100 netmask /24
!
ip nat inside source list 101 pool SNAT_IP
</code>