IP NAT - how to translate source address?

Unanswered Question
Mar 11th, 2009

I have set up NAT on the border router, so the outside network can remote desktop to a computer in the inside network.

This is working fine. Configuration as below:

interface fa0
 ip nat inside

interface fa1
 ip nat outside

ip nat inside source static tcp 3389 3389 extendable

Now, I want to fine-tune this NAT, so the traffic to the RDP (terminal server) will have a source IP of my border router's internal interface. How shall I configure it?



Jon Marshall Wed, 03/11/2009 - 17:52


As far as I am aware you cannot use PAT for outside to inside on a router. You can use a NAT pool to translate outside addresses to i.e.

ip nat pool OUTIN netmask
ip nat outside source list 101 pool OUTIN
access-list 101 permit tcp any host eq 3389

You can make the pool as big as you want but this still may not be any use to you. It depends on how many different source IPs will be RDP'ing to the server at one time.

If you do try this, don't forget that your internal network needs to know where to route the traffic for 172.16.10.x to, i.e. back to your border router.
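
Added example, not part of the original thread or of either poster's configuration: the approach from the answer above written out in full. All addresses are constructed stand-ins for the ones missing from the posts (203.0.113.10 as the public RDP address, 192.168.1.50 as the terminal server, 192.168.1.1 as the border router's inside address, 172.16.10.1 to 172.16.10.14 as the pool), and it assumes the border router's default route points out fa1.

```cisco
! --- Border router (constructed addresses, see lead-in) ---
interface FastEthernet0
 ip nat inside
!
interface FastEthernet1
 ip nat outside
!
! Destination translation: public address, port 3389 -> terminal server
ip nat inside source static tcp 192.168.1.50 3389 203.0.113.10 3389 extendable
!
! Source translation for inbound RDP: each outside client is mapped
! one-to-one to a pool address (no overload/PAT in this direction),
! so 14 pool addresses allow 14 distinct client IPs at the same time.
ip nat pool OUTIN 172.16.10.1 172.16.10.14 netmask 255.255.255.240
ip nat outside source list 101 pool OUTIN
!
! Match only RDP aimed at the public address, so no other inbound
! traffic has its source rewritten.
access-list 101 permit tcp any host 203.0.113.10 eq 3389
!
! --- Internal L3 device (or the terminal server's own routing) ---
! Replies to the pool addresses must be sent back to the border router.
ip route 172.16.10.0 255.255.255.240 192.168.1.1
!
! --- Checks on the border router ---
! show ip nat translations   <- maps each 172.16.10.x back to the real client
! show ip nat statistics     <- pool usage and misses when the pool is exhausted
!
! Once this is active the terminal server's logon records show a
! 172.16.10.x source, not the real client address. The router's
! translation table is the only place the two are tied together.
```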


