04-02-2009 07:46 AM - edited 03-06-2019 04:57 AM
Hi Everyone,
This one might sound a little funny, but I am trying to find a solution to accomplish the opposite of a PAT. I think I need a reverse PAT?
I need a method of translating a single IP into multiple IPs.
One to many - not many to one.
I am not looking for port forwarding unless I am able to translate the source ports. I am looking for address translation from one IP to multiple IPs. For example,
Source - ip = 10.1.1.1
Destination - ip = 192.168.1.1
Potential pool:
172.16.1.1 - 172.16.1.50
Source must be translated to pool when it reaches the destination on a per session basis, not per source basis.
Looking forward to your response.
Thanks,
Chris
04-02-2009 07:51 AM
Chris
How are you defining sessions ?
If it is by TCP/UDP ports then you could do something along the lines of if port = 23 then use 172.16.1.1 and if port = 25 then use 172.16.1.2, but this would all need to be configured manually with individual NAT statements/route-maps, and even this would need thorough testing.
I don't know of a way to dynamically do it.
Jon
04-02-2009 08:04 AM
Hi Jon,
Thanks for the reply. I would have to define sessions based on source port as opposed to the destination port.
I had the idea of static NAT as such for example:
source 1.1.1.1 source port 1024 destination 2.2.2.2 source port 1024.
Not sure if this is going to fly though.
Thanks,
Chris
04-02-2009 08:21 AM
Chris
I was thinking of something like the following (would need testing)
! Match each source port of 10.1.1.1 towards 192.168.1.1
access-list 101 permit tcp host 10.1.1.1 eq 1026 host 192.168.1.1
access-list 102 permit tcp host 10.1.1.1 eq 1027 host 192.168.1.1
route-map PNAT1 permit 10
 match ip address 101
route-map PNAT2 permit 10
 match ip address 102
! One static translation per source port, each to its own pool address
ip nat inside source static 10.1.1.1 172.16.1.1 route-map PNAT1
ip nat inside source static 10.1.1.1 172.16.1.2 route-map PNAT2
etc..
but you can see this is an awful lot of config and you still need to manually add all the others.
Jon
04-02-2009 08:27 AM
Jon:
How could you be sure of what the source port will be?
1026, 1027....?
04-02-2009 08:33 AM
Well that is a very good question and I'm being a bit dense (no need to point that out).
I guess you could use ranges which would cover 1024 - 65535, i.e. map 1000 ports to one IP etc., but that wouldn't meet the requirement either.
Thanks for pointing out my stupidity :-) Rated
Jon
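Added example (not part of the thread, and not tested on a router): a Python illustration of the port-range idea in the post above, splitting source ports 1024-65535 evenly across the 50-address pool and emitting lines in the same form as the earlier config. The even split, the ACL numbering and the use of the ACL `range` operator are assumptions of this example; it shows that back-to-back sessions with neighbouring source ports still get the same translated address, which is why ranges do not meet the per-session requirement.

```python
import ipaddress

# Addresses and pool come from the thread; the even bucket split is this example's assumption.
SOURCE, DEST = "10.1.1.1", "192.168.1.1"
POOL_FIRST, POOL_SIZE = ipaddress.IPv4Address("172.16.1.1"), 50
PORT_LO, PORT_HI = 1024, 65535


def buckets():
    """Split the source-port space into POOL_SIZE contiguous ranges, one per pool address."""
    base, extra = divmod(PORT_HI - PORT_LO + 1, POOL_SIZE)
    out, lo = [], PORT_LO
    for i in range(POOL_SIZE):
        # The first `extra` buckets take one more port so the ranges cover every port.
        hi = lo + base - 1 + (1 if i < extra else 0)
        out.append((lo, hi, str(POOL_FIRST + i)))
        lo = hi + 1
    return out


def translated_source(port):
    """Pool address that a session using this source port would be translated to."""
    for lo, hi, ip in buckets():
        if lo <= port <= hi:
            return ip
    raise ValueError(f"source port {port} is outside {PORT_LO}-{PORT_HI}")


def render_config():
    """Emit one ACL / route-map / static NAT group per bucket, in the thread's style."""
    lines = []
    for n, (lo, hi, ip) in enumerate(buckets(), start=1):
        acl = 100 + n  # stays inside the extended ACL range 100-199 for a 50-address pool
        lines += [
            f"access-list {acl} permit tcp host {SOURCE} range {lo} {hi} host {DEST}",
            f"route-map PNAT{n} permit 10",
            f" match ip address {acl}",
            f"ip nat inside source static {SOURCE} {ip} route-map PNAT{n}",
        ]
    return lines


if __name__ == "__main__":
    print("\n".join(render_config()[:8]))
    # Constructed sample: three consecutive ephemeral ports, as a client stack might pick them.
    for port in (49152, 49153, 49154):
        print(port, "->", translated_source(port))
```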
04-02-2009 08:40 AM
No stupidity, man...It is a confusing request and you were being creative...brainstorming :-)
Thanks for the rating...
04-02-2009 07:52 AM
What are you trying to achieve?
Why do you want one source address to get NATed to a different IP every time it wants to reach a host on the remote network?
04-02-2009 08:01 AM
Hi lamav,
Thank you for the reply. The source address is always originated from a VIP.
The destination requires a different source IP every time for authentication purposes.
Thanks again.
Chris