Destiantion and Souce Natting at the same time

config_raval · ‎05-22-2008

I have a router with e0 and s0.

There are packets arriving on e0 with destination 10.1.1.1 & 10.1.1.2 from any source. I want to change the destination address to 10.2.2.1 and 10.2.2.2 statically respectively.

Packet destined for other destination sholud left untough. Also at the same time I want to do PATTING for the any source IP address to 10.3.3.3 which is my loopback1 IP address

So in short,

source any - PAT - 10.3.3.3(loopback1)

Destination 10.1.1.1 - NAT - 10.2.2.1

Destination 10.1.1.2 - NAT - 10.2.2.2

Destination other - NAT - Destination other.

What will be required config for this?

paolo bevilacqua · ‎05-22-2008

This is done with route-maps and is described in the NAT configuration guide. Basically you will have as many nat statements as many specialized "classes" you have.

Hope this helps, please rate post i it does!

config_raval · ‎05-22-2008

Thanks, Paolo for your answer.

Is this possible using this configuration? Do I need to use route map for this?Unfortunately, I am unable to test this in lab environment.

interface e0

ip nat inside

interface s0

ip nat outside

ip nat outside source static 10.2.2.1 10.1.1.1

ip nat outside source static 10.2.2.2 10.1.1.2

ip nat inside source list 1 interface loopback1 overload

paolo bevilacqua · ‎05-22-2008

I think it should be ip nat inside for all cases.

config_raval · ‎05-22-2008

Are you sure as I want to translates the destination of the IP packets that travel from inside interface to outside interface.

raviprakash_leo · ‎05-22-2008

IP nat outside should be the command. If you use IP nat inside the packets coming from outside to inside will be translated. You want translation for inside outside correct?

Oh and let me add, the statement will send traffic destined to 10.1.1.1 and 10.1.1.2 recieved on e0 to s0 after changing the destination to 10.2.2.1 and 10.2.2.2 respectivley.

lamav · ‎05-23-2008

There seems to be some confusion regarding the default behavior of NAT and its configuration.

By default, the purpose of Network Address Translations is to translate the SOURCE address of a packet that may be received by either the "inside" interface or "outside" interface. Either way, it's the SOURCE address that's translated.

The difference between the 2 is reflected in the configuration.

For example, the command

ip nat inside source static 1.1.1.1 2.2.2.2

will inspect the packet received on the "inside" NAT interface and translate the source IP address from 1.1.1.1 to 2.2.2.2.

On the other hand, the command

ip nat outside source static 2.2.2.2 1.1.1.1

will inspect the packet received on the "outside" NAT interface and translate the source address from 2.2.2.2 to 1.1.1.1

Notice that in either case, it is the SOURCE address that is NAT'ed. The difference is in the direction of traffic flow -- either coming from the outside and heading toward the inside (outside-to-inside) or coming from the inside and heading toward the outside (inside-to-outside). That difference in direction is also reflected in the order of operations.

Now, if you would like to perform a special case of NATing the destination address of packets received on the "inside" NAT interface, you would use the following command:

ip nat inside destination { list pool | static }

This command is similar to the source translation command. For dynamic destination translation to make any sense, the pool should be a rotary-type pool.

HTH

Victor

config_raval · ‎05-25-2008

Just giving my feedback for above given config in my earlier post....

I tried this in production and it works as I wanted.

Victor,

Thanks for your explanation. My earlier understanding about NAT was same as described by you. But 'ip nat outside' command does change the destination IP address. For more information please see the link below.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml

Also, I really appreciate your effort of being a good contributor to Netpro.