both Source and destination natting on router

Unanswered Question
Feb 27th, 2009

Hi,

How can i source and destination nat at the same time.

let say any user connect through the internet will be translated to 192.168.1.1. User access the destination 10.1.1.1 but this destination then translates to 172.1.1.1

Source Destination source Translate Destination translate

Any******10.1.1.1*******192.168.1.1******172.1.1.1

I have given the follwing commands but source natting is working but not the destination nat.

ip nat pool TEST-POOL 192.168.1.1 192.168.1.1 netmask 255.255.255.255

ip access-list extended Test-1

10 permit ip any host 10.1.1.1

ip nat inside source static 172.1.1.1 10.1.1.1 extendable

ip nat outside source list Test-1 pool TEST-POOL

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Laurent Aubert Fri, 02/27/2009 - 19:34

Hi,

You need PAT for your inside local address and static NAT for your outside local address.

Config looks like this:

ip nat pool TEST-POOL 192.168.1.1 192.168.1.1 netmask 255.255.255.0

!

ip nat inside source list 1 pool TEST-POOL overload

!

ip nat outside source static 172.1.1.1 10.1.1.1

!

access-list 1 permit any

!

Of course routers in the inside world needs a route to join 10.1.1.1 and the Internet needs to know 192.168.1.1 (I understand it's not the real addresses)

HTH

Laurent.

t4tauseef33 Tue, 03/03/2009 - 06:44

Hi Laurent,

This is otherway round.

10.1.1.1 is my Public IP address. Any person from the internet connects to 10.1.1.1. I want to translate source (ANY From Internet) to a private IP address 192.168.1.1. Also want to translate the destination 10.1.1.1 to 172.1.1.1 which is private IP. I will give the route 172.1.1.1 to anywhere inside my network.

See from the traffic incomming from the internet to my public IP address

public Source Internet*****Destination My Public IP*********Public Source translate to private IP**** Destination My Public translate to private IP address*********

Any**************************10.1.1.1******************************192.168.1.1********************************172.1.1.1

Laurent Aubert Wed, 03/04/2009 - 06:00

PAT is not allowed from the outside to the inside so it will not work.

Why do you want to NAT the outside global address ? You should have a default route already available so your hosts can reach the internet right ?

Actions

This Discussion