Destination NAT

Spinu Viorel
Level 1

Hello,

internet -(fa0)Router-(fa1)-192.168.1.1
                     -(fa2)-192.168.2.1
                     -(fa3)-192.168.3.1

FastEthernet0 - 60.60.60.10

I have a NAT overload.

I have on the network 192.168.1.0/24 a web server: 192.168.1.10 (https)

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.10 443 60.60.60.10 443 extendable

interface FastEthernet0
 ip address 60.60.60.10 255.255.255.0
 ip nat outside

interface FastEthernet1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

interface FastEthernet2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside

interface FastEthernet3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside

So, everything that comes from the internet with destination port 443 and destination address 60.60.60.10 is directed to my web server inside at 192.168.1.10, which listens on 443.

How can I make all the hosts from 192.168.2.0 and 192.168.3.0, with destination port 443 and destination address 60.60.60.10, go to the same 192.168.1.10?

I want to do something like destination NAT in Linux: everything that comes from a source IP/port with a destination IP/port should go to a server that I want?

192.168.1.10 is also a DNS server, and it is my webmail: https://webmail.mydomain.com

So when I access my web server from my inside subnets, my DNS will resolve webmail.mydomain.com to 60.60.60.10

Thank you!

3 Replies

Spinu Viorel
Level 1

So, can anybody tell me how I can make a destination NAT?

Jon Marshall
Hall of Fame

Are you sure you want destination NAT? From your description it sounds like you want Policy Based Routing, i.e.

"everything that comes from a source IP/port with destination IP/port to go to a server that I want?"

Could you elaborate on what exactly you want?

Jon

In Linux I think it is called DNAT (destination NAT).

I did some Cisco documentation reading and I really don't know what I want: policy-map, route map, port-map... I am confused.

I want traffic sourced from 192.168.3.0 with destination my web server port 443 to go to 192.168.1.10, and the other traffic, other than 443, to go to my outside interface 60.60.60.10 and then to the Internet. So yes, it looks like Policy Based Routing.

I also have a dilemma: 192.168.1.10 is also my DNS server; the host from 192.168.3.0 will use this DNS; so when I try to access https://webmail.mydomain.com, my DNS will resolve it to 60.60.60.10, so how will the traffic be routed back to 192.168.1.10?

I hope you understand my question, and thank you for your time!
