04-02-2009 07:46 AM - edited 03-06-2019 04:57 AM
Hi Everyone,
This one might sound a little funny, but I am trying to find a solution to accomplish the opposite of a PAT. I think I need a reverse PAT?
I need a method of translating a single IP into multiple IPs.
One to many - not many to one.
I am not looking for port forwarding unless I am able to translate the source ports. I am looking for address translation from one IP to multiple IPs. For example,
Source - ip = 10.1.1.1
Destination - ip = 192.168.1.1
Potential pool:
172.16.1.1 - 172.16.1.50
Source must be translated to pool when it reaches the destination on a per session basis, not per source basis.
Looking forward to your response.
Thanks,
Chris
04-02-2009 07:51 AM
Chris
How are you defining sessions?
If it is by TCP/UDP ports then you could do something along the lines of if port = 23 then use 172.16.1.1 and if port = 25 then use 172.16.1.2, but this would all need to be configured manually with individual NAT statements/route-maps, and even this would need thorough testing.
I don't know of a way to dynamically do it.
Jon
04-02-2009 08:04 AM
Hi Jon,
Thanks for the reply. I would have to define sessions based on source port as opposed to the destination port.
I had the idea of static NAT as such for example:
source 1.1.1.1 source port 1024 destination 2.2.2.2 source port 1024.
Not sure if this is going to fly though.
Thanks,
Chris
04-02-2009 08:21 AM
Chris
I was thinking of something like the following (would need testing)
! one ACL per source port to match
access-list 101 permit tcp host 10.1.1.1 eq 1026 host 192.168.1.1
access-list 102 permit tcp host 10.1.1.1 eq 1027 host 192.168.1.1
route-map PNAT1 permit 10
 match ip address 101
route-map PNAT2 permit 10
 match ip address 102
! same inside address, a different pool address per route-map
ip nat inside source static 10.1.1.1 172.16.1.1 route-map PNAT1
ip nat inside source static 10.1.1.1 172.16.1.2 route-map PNAT2
etc..
but you can see this is an awful lot of config and you still need to manually add all the others.
Jon
04-02-2009 08:27 AM
Jon:
How could you be sure of what the source port will be?
1026, 1027....?
04-02-2009 08:33 AM
Well that is a very good question and I'm being a bit dense (no need to point that out).
I guess you could use ranges which would cover 1024 - 65535, i.e. map 1000 ports to one IP etc., but that wouldn't meet the requirement either.
Thanks for pointing out my stupidity :-) Rated
Jon
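Added example (not from any poster in the thread): a Python script that generates the ACL / route-map / static NAT lines for the port-range idea above and reports which pool address a given source port would be translated to. Splitting source ports 1024-65535 evenly across the 172.16.1.1-172.16.1.50 pool, and all function names, are assumptions made for the illustration.

```python
import ipaddress

def split_ports(first_port, last_port, buckets):
    """Split [first_port, last_port] into contiguous ranges of near-equal size."""
    total = last_port - first_port + 1
    base, extra = divmod(total, buckets)
    ranges, start = [], first_port
    for i in range(buckets):
        size = base + (1 if i < extra else 0)
        ranges.append((start, start + size - 1))
        start += size
    return ranges

def build_mapping(pool_first, pool_last, first_port=1024, last_port=65535):
    """Pair each pool address with one source-port range (assumed even split)."""
    lo = int(ipaddress.IPv4Address(pool_first))
    hi = int(ipaddress.IPv4Address(pool_last))
    pool = [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]
    return list(zip(split_ports(first_port, last_port, len(pool)), pool))

def render_config(inside, dest, mapping, first_acl=101):
    """Emit ACL / route-map / static NAT lines in the style used in the thread."""
    if first_acl < 100 or first_acl + len(mapping) - 1 > 199:
        raise ValueError("numbered extended ACLs must fall in 100-199")
    lines = []
    for n, ((p_lo, p_hi), global_ip) in enumerate(mapping, start=1):
        acl = first_acl + n - 1
        lines += [
            f"access-list {acl} permit tcp host {inside} range {p_lo} {p_hi} host {dest}",
            f"route-map PNAT{n} permit 10",
            f" match ip address {acl}",
            f"ip nat inside source static {inside} {global_ip} route-map PNAT{n}",
        ]
    return lines

def translated_source(mapping, src_port):
    """Return the pool address a given source port would be translated to."""
    for (p_lo, p_hi), global_ip in mapping:
        if p_lo <= src_port <= p_hi:
            return global_ip
    return None  # port outside the covered range: no rule matches

# Addresses taken from the original question in this thread.
MAPPING = build_mapping("172.16.1.1", "172.16.1.50")

if __name__ == "__main__":
    print("\n".join(render_config("10.1.1.1", "192.168.1.1", MAPPING)))
```

Source ports 1026 and 1027 fall in the same range and so get the same pool address, which is why a range-based mapping still does not give a new address per session.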
04-02-2009 08:40 AM
No stupidity, man...It is a confusing request and you were being creative...brainstorming :-)
Thanks for the rating...
04-02-2009 07:52 AM
What are you trying to achieve?
Why do you want one source address to get NATed to a different IP every time it wants to reach a host on the remote network?
04-02-2009 08:01 AM
Hi lamav,
Thank you for the reply. The source address is always originated from a VIP.
The destination requires a different source IP every time for authentication purposes.
Thanks again.
Chris