NAT to conceal outside global IP

Unanswered Question

Hey Pros,

I have 2 networks with a router between them.

Network A --router-- Network B

Network A= inside

Network B= outside

I want it so that when Network B sends traffic destined through the router, Network A does not see the true IP of the host who actually sent the traffic, but sees an IP address from the router. Is this possible? I can do this easily with Linux using ip masquerade (ipmasq). Thanks pros!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
John Blakley Thu, 08/27/2009 - 09:38
User Badges:
  • Purple, 4500 points or more

Here's an example:

Network B

int fa0/0

desc WAN

ip address

ip nat outside

int fa0/1

desc LAN

ip address

ip nat inside

ip nat inside source list 1 interface fa0/0 overload

access-list 1 permit

Anyone coming from lan side will look like they're coming from



I'm trying to take this one step further. From you example, how would I make a static NAT entry where people connecting from f0/1 could be statically NATted to a host on f0/0?

For example, I want users to connect to a new IP address, TCP port 80. Traffic gets NATted and sent to port 8080.

I've tried:

ip nat inside source static tcp 8080 80

But this doesn't seem to work. Thanks!


This Discussion