NAT to conceal outside global IP

Unanswered Question

Hey Pros,

I have 2 networks with a router between them.


Network A --router-- Network B


Network A= inside

Network B= outside


I want it so that when Network B sends traffic destined through the router, Network A does not see the true IP of the host who actually sent the traffic, but sees an IP address from the router. Is this possible? I can do this easily with Linux using ip masquerade (ipmasq). Thanks pros!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
John Blakley Thu, 08/27/2009 - 09:38
User Badges:
  • Purple, 4500 points or more

Here's an example:


Network B


int fa0/0

desc WAN

ip address 192.168.1.1 255.255.255.0

ip nat outside


int fa0/1

desc LAN

ip address 10.50.50.1 255.255.255.0

ip nat inside



ip nat inside source list 1 interface fa0/0 overload


access-list 1 permit 10.50.50.0



Anyone coming from 10.50.50.0/24 lan side will look like they're coming from 192.168.1.1.


HTH,

John

I'm trying to take this one step further. From you example, how would I make a static NAT entry where people connecting from f0/1 could be statically NATted to a host on f0/0?


For example, I want users to connect to a new IP address, 10.50.50.2 TCP port 80. Traffic gets NATted and sent to 192.168.1.2 port 8080.


I've tried:

ip nat inside source static tcp 192.168.1.2 8080 10.50.50.2 80

But this doesn't seem to work. Thanks!

Actions

This Discussion