Both source and destination NATting on router

Feb 27th, 2009

Hi,


How can I source and destination NAT at the same time?


Let's say any user connecting through the Internet will be translated to 192.168.1.1. The user accesses the destination 10.1.1.1, but this destination then translates to 172.1.1.1.


Source    Destination    Source translate    Destination translate
Any       10.1.1.1       192.168.1.1         172.1.1.1


I have given the following commands; source NAT is working but not the destination NAT.


ip nat pool TEST-POOL 192.168.1.1 192.168.1.1 netmask 255.255.255.255
!
ip access-list extended Test-1
 10 permit ip any host 10.1.1.1
!
ip nat inside source static 172.1.1.1 10.1.1.1 extendable
ip nat outside source list Test-1 pool TEST-POOL




Laurent Aubert Fri, 02/27/2009 - 19:34
Cisco Employee

Hi,


You need PAT for your inside local address and static NAT for your outside local address.


Config looks like this:


ip nat pool TEST-POOL 192.168.1.1 192.168.1.1 netmask 255.255.255.0
!
ip nat inside source list 1 pool TEST-POOL overload
!
ip nat outside source static 172.1.1.1 10.1.1.1
!
access-list 1 permit any
!


Of course, routers in the inside world need a route to reach 10.1.1.1, and the Internet needs to know 192.168.1.1 (I understand these are not the real addresses).


HTH


Laurent.

t4tauseef33 Tue, 03/03/2009 - 06:44

Hi Laurent,


This is the other way round.


10.1.1.1 is my public IP address. Any person from the Internet connects to 10.1.1.1. I want to translate the source (any from the Internet) to a private IP address, 192.168.1.1. I also want to translate the destination 10.1.1.1 to 172.1.1.1, which is a private IP. I will give the route 172.1.1.1 to anywhere inside my network.


See the traffic incoming from the Internet to my public IP address:

Public source (Internet)    Destination (my public IP)    Public source translated to private IP    Destination (my public IP) translated to private IP
Any                         10.1.1.1                      192.168.1.1                               172.1.1.1


Laurent Aubert Wed, 03/04/2009 - 06:00
Cisco Employee

PAT is not allowed from the outside to the inside so it will not work.


Why do you want to NAT the outside global address? You should have a default route already available so your hosts can reach the Internet, right?
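
The constraint discussed in this thread, shown as an added example that is not part of any poster's reply and is not Cisco code: a simplified model of static destination NAT combined with dynamic source NAT that has no port overload. The class and function names and the two Internet client addresses are constructed, and the one-binding-per-pool-address behaviour is an assumption of the model, not a description of IOS internals.

```python
# Simplified model (an assumption, not IOS internals) of the inbound flow in
# the thread: static destination NAT plus dynamic one-to-one source NAT.
import ipaddress

STATIC_DST = {"10.1.1.1": "172.1.1.1"}      # public address -> inside server


class OutsideSourceNat:
    """Dynamic source NAT without port overload: one pool address per host."""

    def __init__(self, first, last):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        self.free = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.bindings = {}                  # real Internet source -> pool address

    def inbound(self, src, dst):
        """Translate an Internet -> inside packet; None means it is dropped."""
        if dst not in STATIC_DST:
            return None
        if src not in self.bindings:
            if not self.free:               # pool exhausted, nothing to allocate
                return None
            self.bindings[src] = self.free.pop(0)
        return self.bindings[src], STATIC_DST[dst]

    def outbound_reply(self, src, dst):
        """Reverse both translations for the server's reply."""
        reverse_src = {v: k for k, v in STATIC_DST.items()}
        reverse_dst = {v: k for k, v in self.bindings.items()}
        if src not in reverse_src or dst not in reverse_dst:
            return None
        return reverse_src[src], reverse_dst[dst]


def demo():
    # 198.51.100.7 and 203.0.113.9 are constructed documentation addresses.
    nat = OutsideSourceNat("192.168.1.1", "192.168.1.1")   # TEST-POOL
    first = nat.inbound("198.51.100.7", "10.1.1.1")
    reply = nat.outbound_reply("172.1.1.1", "192.168.1.1")
    second = nat.inbound("203.0.113.9", "10.1.1.1")
    return first, reply, second


if __name__ == "__main__":
    print(demo())
```

In this model the first client gets both translations and its reply is reversed correctly, while the second client finds the single-address pool already bound and is not translated.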
