
Nat Help

87305
Level 1

Hi Everyone,

This one might sound a little funny, but I am trying to find a solution to accomplish the opposite of a PAT. I think I need a reverse PAT?

I need a method of translating a single IP into multiple IPs.

one to many - not many to one.

I am not looking for port forwarding unless I am able to translate the source ports. I am looking for address translation from one IP to multiple IPs. For example,

Source - ip = 10.1.1.1

Destination - ip = 192.168.1.1

Potential pool:

172.16.1.1 - 172.16.1.50

Source must be translated to pool when it reaches the destination on a per session basis, not per source basis.

Looking forward to your response.

Thanks,

Chris

8 Replies

Jon Marshall
Hall of Fame

Chris

How are you defining sessions ?

If it is by TCP/UDP ports then you could do something along the lines of if port = 23 then use 172.16.1.1 and if port = 25 then use 172.16.1.2, but this would all need to be configured manually with individual nat statements/route-maps, and even this would need thorough testing.

I don't know of a way to dynamically do it.

Jon

Hi Jon,

Thanks for the reply. I would have to define sessions based on source port as opposed to the destination port.

I had the idea of static NAT as such for example:

source 1.1.1.1 source port 1024 destination 2.2.2.2 source port 1024.

Not sure if this is going to fly though.

Thanks,

Chris

Chris

I was thinking of something like the following (would need testing)

    access-list 101 permit tcp host 10.1.1.1 eq 1026 host 192.168.1.1
    access-list 102 permit tcp host 10.1.1.1 eq 1027 host 192.168.1.1
    !
    route-map PNAT1 permit 10
     match ip address 101
    route-map PNAT2 permit 10
     match ip address 102
    !
    ! one pool address per matched source port
    ip nat inside source static 10.1.1.1 172.16.1.1 route-map PNAT1
    ip nat inside source static 10.1.1.1 172.16.1.2 route-map PNAT2

etc..

but you can see this is an awful lot of config and you still need to manually add all the others.

Jon

Jon:

How could you be sure of what the source port will be?

1026, 1027....?

Well that is a very good question and I'm being a bit dense (no need to point that out).

I guess you could use ranges which would cover 1024 - 65535 ie. map 1000 ports to one IP etc. but that wouldn't meet the requirement either.

Thanks for pointing out my stupidity :-) Rated

Jon
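Added example, not part of any reply in the thread: a Python sketch that generates the port-range variant described above across the 172.16.1.1 - 172.16.1.50 pool, using the statement forms from the posted config, and shows why ranges do not give a different address per session. The even split of ports 1024-65535, the ACL numbering from 101 and the function names are assumptions, and the generated config is untested.

```python
import ipaddress

INSIDE = "10.1.1.1"      # source address from the original post
DEST = "192.168.1.1"     # destination address from the original post
POOL_FIRST = ipaddress.IPv4Address("172.16.1.1")
POOL_SIZE = 50           # 172.16.1.1 - 172.16.1.50
PORT_LO, PORT_HI = 1024, 65535   # assumed source port span

def port_ranges(pool_size=POOL_SIZE):
    """Split PORT_LO..PORT_HI into pool_size contiguous ranges."""
    base, extra = divmod(PORT_HI - PORT_LO + 1, pool_size)
    ranges, start = [], PORT_LO
    for i in range(pool_size):
        size = base + (1 if i < extra else 0)
        ranges.append((start, start + size - 1))
        start += size
    return ranges

def translated_ip(src_port):
    """Pool address a session with this source port would be mapped to."""
    for i, (lo, hi) in enumerate(port_ranges()):
        if lo <= src_port <= hi:
            return str(POOL_FIRST + i)
    return None  # ports below PORT_LO match no ACL, so no translation

def render_config(first_acl=101):
    """Emit ACL / route-map / static NAT lines in the form used in the thread."""
    lines = []
    for i, (lo, hi) in enumerate(port_ranges()):
        acl, rmap = first_acl + i, f"PNAT{i + 1}"
        lines += [
            f"access-list {acl} permit tcp host {INSIDE} range {lo} {hi} host {DEST}",
            f"route-map {rmap} permit 10",
            f" match ip address {acl}",
            f"ip nat inside source static {INSIDE} {POOL_FIRST + i} route-map {rmap}",
        ]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_config())
    # Consecutive source ports fall in the same range, hence the same address.
    print(translated_ip(50000), translated_ip(50001))
```

Two back-to-back sessions normally draw nearby source ports, so they land in the same range and get the same translated address, which is the gap the reply points out.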

No stupidity, man...It is a confusing request and you were being creative...brainstorming :-)

Thanks for the rating...

lamav
Level 8

What are you trying to achieve?

Why do you want one source address to get NATed to a different IP every time it wants to reach a host on the remote network?

Hi lamav,

Thank you for the reply. The source address is always originated from a VIP.

The destination requires a different source IP every time for authentication purposes.

Thanks again.

Chris
