Is this possible with NAT statements?

Mar 17th, 2007

The company I work for has a number of remote branches that are only able to route traffic on a 10.1.xxx.xxx network.

A requirement to allow these branches to connect to a public IP (port 2700) is proving somewhat of a headache - since the routes are unreachable. It is not possible to make changes on those routers as it is a managed network and would be costly.

I have a 1721 router that has two Ethernet interfaces. I want to be able to use the inside interface (10.1.99.99) to 'proxy' these sessions onto the remote host (via the second e0) based on traffic hitting the 10.1.99.99 interface on port 2700.

Is this something that can be achieved using ip nat statements?

Thanks in advance for any useful advice.

Jon Marshall Sat, 03/17/2007 - 15:08

Hi

Assuming your e0 interface on your router has a publicly routable IP address you can use NAT with a route map for this.

! Translate traffic matched by route-map natclients to the address of e0
ip nat inside source route-map natclients interface e0 overload

! IOS ACLs take a wildcard mask: 0.0.255.255 covers the 10.1.x.x range
access-list 101 permit ip 10.1.0.0 0.0.255.255 host "public ip"

route-map natclients permit 10

 match ip address 101

If you only want to NAT internal clients when they are trying to communicate with the public IP on 2700 you can modify access-list 101 to

access-list 101 permit tcp 10.1.0.0 0.0.255.255 host "public IP" eq 2700

HTH

Jon
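
IOS access lists take a wildcard (inverse) mask rather than a subnet mask, and that mask decides which flows the route-map hands to NAT. The following added example (not part of the original post) models the port-2700 entry in Python; 203.0.113.10 stands in for the public IP and the flows are constructed sample data.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS ACL match: bits set to 1 in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def ace_permits(flow, src_base, src_wildcard, dst_host, dst_port):
    """Model of: permit tcp <src_base> <src_wildcard> host <dst_host> eq <dst_port>"""
    proto, src, dst, dport = flow
    return (proto == "tcp" and dst == dst_host and dport == dst_port
            and wildcard_match(src, src_base, src_wildcard))

PUBLIC_IP = "203.0.113.10"  # constructed stand-in for the thread's "public IP"

# Constructed flows: (protocol, source, destination, destination port)
FLOWS = [
    ("tcp", "10.1.5.20", PUBLIC_IP, 2700),       # branch client, intended
    ("tcp", "10.1.200.7", PUBLIC_IP, 2700),      # another branch client
    ("tcp", "10.1.5.20", PUBLIC_IP, 80),         # wrong port
    ("udp", "10.1.5.20", PUBLIC_IP, 2700),       # wrong protocol
    ("tcp", "10.2.5.20", PUBLIC_IP, 2700),       # outside 10.1.0.0/16
    ("tcp", "172.16.0.0", PUBLIC_IP, 2700),      # unrelated source
    ("tcp", "10.1.5.20", "198.51.100.9", 2700),  # other destination
]

def translated(src_wildcard, flows=FLOWS):
    """Indexes of flows the entry would hand to NAT for a given source mask."""
    return [i for i, f in enumerate(flows)
            if ace_permits(f, "10.1.0.0", src_wildcard, PUBLIC_IP, 2700)]

if __name__ == "__main__":
    # Wildcard form versus a subnet mask typed where the wildcard belongs
    for mask in ("0.0.255.255", "255.255.0.0"):
        print(mask, [FLOWS[i] for i in translated(mask)])
```

With the subnet-mask form only the 172.16.0.0 source matches, so the branch clients would not be translated at all.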

Purist1972 Tue, 03/20/2007 - 13:40

Thanks for the reply.

I managed to remedy the problem by placing a PIX 506 on the network and using dnat (using the alias command) to map an internal 10.1.xx.xxx address to the public IP address that I want the internal clients to reach.

Rgrds
