Conditional outside NAT??

Unanswered Question
Feb 28th, 2007

I have a scenario like this:

There are 3 companies: A, B and C. The WAN connection is through ISDN BRI links (1841 routers). Traffic from A has to travel to B and C. When traffic enters from A to B's LAN, the source IP of packets should appear as it is. But when traffic is headed for C, the source IP addresses of packets from A have to be hidden, i.e. depending upon the destination, the source IPs have to be as they are or hidden. Is this possible? Is outside NAT the solution? Please help!!

Thanks and regards

Sonu

Jon Marshall Wed, 02/28/2007 - 05:44

Hi Sonu

On router A you can use a route-map to NAT when traffic is going to C.

e.g.

Your router at Site A has an inside interface which connects to your internal network - fa0/0

& an external interface that is used to get to the remote site - fa0/1

Site A subnet is 192.168.5.0/24

Site C subnet is 172.16.5.0/24

access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255

access-list 101 deny ip any any

route-map hide permit 10

match address 101

ip nat inside source route-map hide interface fa0/1 overload

On the inside interface fa0/0 -

ip nat inside

on the outside interface fa0/1

ip nat outside

What the above will do is if traffic from site A (192.168.5.0) goes to site C (172.16.5.0) it will get NATed to the IP address of the fa0/1 interface on your router.

If the 192.168.5.0 subnet goes to any other place, or for any other traffic going from inside to outside on your router, this will not get NATed.

Does this make sense?

Jon
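Added example (not part of the post above, and not Cisco code): a small Python model of how the route-map's ACL decides which flows get NATed, using IOS wildcard-mask semantics. The ACL is evaluated once with the wildcard mask 0.0.0.255 and once with 255.255.255.0 in the wildcard position; the outside address 192.0.2.1, the flows other than site A to site C, and all function names are constructed for illustration.

```python
import ipaddress

def acl_match(addr, base, wildcard):
    """IOS wildcard logic: a 0 bit must match the base, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def permitted(acl, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if acl_match(src, s_base, s_wild) and acl_match(dst, d_base, d_wild):
            return action == "permit"
    return False

def translate(acl, src, dst, outside_ip):
    """Source address after the router: overloaded onto outside_ip when the
    route-map's ACL permits the flow, left unchanged otherwise."""
    return outside_ip if permitted(acl, src, dst) else src

ANY = ("0.0.0.0", "255.255.255.255")
# access-list 101 written with wildcard masks
ACL_WILDCARD = [("permit", "192.168.5.0", "0.0.0.255", "172.16.5.0", "0.0.0.255"),
                ("deny", *ANY, *ANY)]
# the same entry with subnet masks typed where IOS expects wildcards
ACL_NETMASK = [("permit", "192.168.5.0", "255.255.255.0", "172.16.5.0", "255.255.255.0"),
               ("deny", *ANY, *ANY)]

OUTSIDE_IP = "192.0.2.1"  # constructed placeholder for the fa0/1 address
FLOWS = [("192.168.5.10", "172.16.5.20"),  # site A -> site C
         ("192.168.5.10", "10.20.30.40"),  # site A -> elsewhere (constructed)
         ("10.9.8.0", "10.1.1.0")]         # unrelated .0 addresses (constructed)

def run(acl):
    """Translated source address for each sample flow under the given ACL."""
    return [translate(acl, s, d, OUTSIDE_IP) for s, d in FLOWS]

if __name__ == "__main__":
    for name, acl in (("0.0.0.255", ACL_WILDCARD), ("255.255.255.0", ACL_NETMASK)):
        for (s, d), out in zip(FLOWS, run(acl)):
            print(f"mask {name}: {s} -> {d} leaves with source {out}")
```

With subnet masks in the wildcard position, site A to site C traffic is not translated at all, while unrelated flows whose addresses end in .0 are.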

Sonugnair_2 Thu, 03/01/2007 - 08:24

Hi,

Thanks,

Routers for company A & C are not under my control. As such I have to implement this using B's (my company's) 1841 router using outside NAT & route maps, i.e. if it is possible.

A's src ip = 10.15.215.101

C's src ip as seen by A = 172.29.41.10

C's src ip as seen by B (my company) = 10.1.5.197

B's (my company) LAN ranges:- 10.10.9.X

10.50.12.X

i.e. 10.1.5.197 has been NATed to 172.29.41.10

The requirement is:

When traffic from A (10.15.215.101) goes to 172.29.41.10 (C), its source IP, i.e. 10.15.215.101, has to be changed to 10.50.12.X (to appear as though it is sourced from our LAN).

But when traffic from A (10.15.215.101) goes to our LAN, its source IP has to remain as such (obvious).

I want to know if this is possible by configuring our 1841 router having IOS 12.3, without doing anything on other routers. The connection between the routers is by ISDN BRI. Please advise as to how this can be overcome!

Thanks & regards

Sonu
