NAT translation

Unanswered Question
Sep 14th, 2007

Hello,

I have the following scenario: Router -> ASA -> FTP Servers cluster.

The cluster has 2 servers (192.168.130.1 & 192.168.130.2) with a virtual IP of 192.168.130.4. Communication can be initiated either from the customer or from the servers. When communication is initiated from the customer, the customer will try to reach a fake IP 172.16.1.1 that must be translated to the virtual IP of the cluster 192.168.130.4. The reply traffic comes from the virtual IP 192.168.130.4. So if I configure a static NAT at the router (192.168.130.4 -> 172.16.1.1), the incoming FTP connection works.

The problem is that when the FTP is initiated manually from the server, it uses the real IP as source (instead of the virtual one), so the above static NAT cannot be used. Also, I only have 1 fake IP (172.16.1.1) for translation.

So my question: is it possible to translate 3 inside local IPs to 1 inside global so that traffic can be initiated from both inside and outside?

Any idea will be appreciated.

Thanks,

Evi.

aghaznavi Fri, 09/21/2007 - 06:07

Before you configure a NAT rate limit, you should first classify current NAT usage and determine the sources of requests for NAT translations. If a specific host, access control list, or VRF instance is generating an unexpectedly high number of NAT requests, it may be the source of a malicious virus or worm attack. Once you have identified the source of excess NAT requests, you can set a NAT rate limit that contains a specific host, access control list, or VRF instance, or you can set a general limit for the maximum number of NAT requests allowed regardless of their source.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d09f0.html
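
The classification step described in the reply above, as an added example that is not part of the original post or of Cisco's documentation: it tallies dynamic entries per inside local host from `show ip nat translations` output so that an unusually busy source stands out before any limit is chosen. The sample output is constructed (it reuses the thread's addresses; the outside hosts are made up) and the limit of 2 is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample in the column layout of `show ip nat translations`.
# Inside addresses come from the thread; outside hosts are invented.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 172.16.1.1         192.168.130.4      ---                ---
tcp 172.16.1.1:21      192.168.130.4:21   10.9.9.9:40112     10.9.9.9:40112
tcp 172.16.1.1:1024    192.168.130.1:3301 10.9.9.9:21        10.9.9.9:21
tcp 172.16.1.1:1025    192.168.130.1:3302 10.9.9.10:21       10.9.9.10:21
tcp 172.16.1.1:1026    192.168.130.1:3303 10.9.9.11:21       10.9.9.11:21
tcp 172.16.1.1:1027    192.168.130.2:4100 10.9.9.9:21        10.9.9.9:21
"""


def host_of(field):
    """Return the IP part of 'a.b.c.d' or 'a.b.c.d:port', or None for '---'."""
    addr = field.rsplit(":", 1)[0]
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return None


def translations_per_host(text):
    """Count dynamic (protocol-bearing) entries per inside local address."""
    counts = Counter()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] in ("Pro", "---"):
            continue  # header, blank line, or static entry with no session
        inside_local = host_of(cols[2])
        if inside_local:
            counts[inside_local] += 1
    return counts


def over_limit(counts, limit):
    """Hosts whose entry count exceeds the limit, busiest first."""
    return [(h, n) for h, n in counts.most_common() if n > limit]


if __name__ == "__main__":
    for host, n in over_limit(translations_per_host(SAMPLE), limit=2):
        print(f"{host}: {n} translations (above limit)")
```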
