Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
716
Views
5
Helpful
8
Replies

Nat Help

87305
Level 1
Level 1

‎04-02-2009 07:46 AM - edited ‎03-06-2019 04:57 AM

Hi Everyone,

This one might sound a little funny but I am trying to find a solution to accomplish the opposite of a PAT I think I need a reverse PAT?

I need a method of translating a single IP into multiple IP's.

one to many - not many to one.

I am not looking for port forwarding unless i am able to translate the source ports. I am looking for address translation from one ip to multiple ip's. For example,

Source - ip = 10.1.1.1

Destination - ip = 192.168.1.1

Potential pool:

172.16.1.1 - 172.16.1.50

Source must be translated to pool when it reaches the destination on a per session basis, not per source basis.

Looking forward to your response.

Thanks,

Chris

Labels:
0 Helpful
8 Replies 8

Jon Marshall
Hall of Fame
Hall of Fame

‎04-02-2009 07:51 AM

Chris

How are you defining sessions ?

If it by TCP/UDP Ports then you could do something along the lines of if port = 23 then use 172.16.1.1 and if port = 25 then use 172.16.1.2 but this would all need to configured manually with individual nat statements/route-maps and event this would need thorough testing.

I don't know of a way to dynamically do it.

Jon

0 Helpful

87305
Level 1
Level 1
In response to Jon Marshall

‎04-02-2009 08:04 AM

Hi Jon,

Thanks for the reply. I would have to define sessionS based on source port as apposed to the destination port.

I had the idea of static NAT as such for example:

source 1.1.1.1 source port 1024 destination 2.2.2.2 source port 1024.

Not sure if this is going to fly though.

Thanks,

Chris

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to 87305

‎04-02-2009 08:21 AM

Chris

I was thinking of something like the following (would need testing)

access-list 101 permit tcp host 10.1.1.1 eq 1026 host 192.168.1.1

access-list 102 permit tcp host 10.1.1.1 eq 1027 host 192.168.1.1

route-map PNAT1 permit 10

match ip address 101

route-map PNAT2 permit 10

match ip address 102

ip nat inside source static 10.1.1.1 172.16.1.1 route-map PNAT1

ip nat inside source static 10.1.1.1 172.16.1.1 route-map PNAT2

etc..

but you can see this is an awful lot of config and you still need to manually add all the others.

Jon

0 Helpful

lamav
Level 8
Level 8
In response to Jon Marshall

‎04-02-2009 08:27 AM

Jon:

How could you be sure of what the source port will be?

1026, 1027....?

Jon Marshall
Hall of Fame
Hall of Fame
In response to lamav

‎04-02-2009 08:33 AM

Well that is a ver

y good question and i'm being a bit dense (no need to point that out).

I guess you could use ranges which would cover 1024 - 65535 ie. map 1000 ports to one IP etc. but that wouldn't meet the requirement either.

Thanks for pointing out my stupidity :-) Rated

Jon

0 Helpful

lamav
Level 8
Level 8
In response to Jon Marshall

‎04-02-2009 08:40 AM

No stupidity, man...It is a confusing request and you were being creative...brainstorming :-)

Thanks for the rating...

0 Helpful

lamav
Level 8
Level 8

‎04-02-2009 07:52 AM

What are you trying to achieve?

Why do you want one source address to get NATed to a different IP everytime it wants to reach a host on the remote network?

0 Helpful

87305
Level 1
Level 1
In response to lamav

‎04-02-2009 08:01 AM

Hi lamav,

Thank you for the reply. The source address is always originated from a VIP.

The destination requires a different source IP every time for authentication purposes.

Thanks again.

Chris

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card