NAT to conceal outside global IP

spacemky · ‎08-27-2009

Hey Pros,

I have 2 networks with a router between them.

Network A --router-- Network B

Network A= inside

Network B= outside

I want it so that when Network B sends traffic destined through the router, Network A does not see the true IP of the host who actually sent the traffic, but sees an IP address from the router. Is this possible? I can do this easily with Linux using ip masquerade (ipmasq). Thanks pros!

John Blakley · ‎08-27-2009

Here's an example:

Network B

int fa0/0

desc WAN

ip address 192.168.1.1 255.255.255.0

ip nat outside

int fa0/1

desc LAN

ip address 10.50.50.1 255.255.255.0

ip nat inside

ip nat inside source list 1 interface fa0/0 overload

access-list 1 permit 10.50.50.0

Anyone coming from 10.50.50.0/24 lan side will look like they're coming from 192.168.1.1.

HTH,

John

HTH, John *** Please rate all useful posts ***

spacemky · ‎08-27-2009

*Bingo!* worked perfectly. I guess the idea was swapping the concept of what was inside and what was outside. Many thanks j.blakley.

spacemky · ‎08-28-2009

I'm trying to take this one step further. From you example, how would I make a static NAT entry where people connecting from f0/1 could be statically NATted to a host on f0/0?

For example, I want users to connect to a new IP address, 10.50.50.2 TCP port 80. Traffic gets NATted and sent to 192.168.1.2 port 8080.

I've tried:

ip nat inside source static tcp 192.168.1.2 8080 10.50.50.2 80

But this doesn't seem to work. Thanks!