NAT/PAT for webservices

Wantser1981_2 · ‎02-18-2009

Hi All,

Is there a way of achieving the following.

I have a site-to-site IPSEC VPN between two sites where the remote end accesses a URL connecting to a server at our end. This server is be re-allocated and we are wanting them to access a new one. Without changing the remote end config, is there a way of redirecting the traffic to the new server by way of nat or re-direction etc?

Traffic flow - remote host url resolves to local IP 10.10.10.10. I want to force this to look like 10.10.10.11 when it gets to our end.

Not sure if this is possible as the IP's are on the same local network.

Cheers

Andy

andrew.prince · ‎02-18-2009

Easiest way is to change the DNS entry for the URL.

HTH>

Wantser1981_2 · ‎02-18-2009

exactly what I have said to our customer. I dont think it can be achieved......

andrew.prince · ‎02-18-2009

OK - can you post your current config, removed sensitive information.

acomiskey · ‎02-18-2009

The first thing you have to do is remove the nat exemption for this connection as you now want to nat it.

access-list nat0 deny ip host 10.10.10.10 ...

then add your new static...

static (inside,outside) 10.10.10.10 10.10.10.11 netmask 255.255.255.255

Also make sure that 10.10.10.11 is part of your crypto acl's.