Conditional destination NAT routing configuration

Unanswered Question
Dec 14th, 2009


I have two offices with their own internet access that are inter-connected by point-to-point T1s. I am trying to set up an alternate or redundant path from the internet. There are a bunch of other factors, but here's what I am trying to accomplish:

Traffic comes in from the internet and the firewall translates the destination:

Source => Destination

Any => X.X.4.115

Any =>

Then the traffic hits a router for the T1 and translates the traffic's source address to the address on the serial interface on the router:

Source => Destination

Any =>

|| =>

Next the traffic hits another router, and this is where I need help. I need to translate the traffic's destination as demonstrated below, but only when the traffic is coming from

Source => Destination =>

|| =>

I have all the routes set up to make this happen, and the reason for all the NATs is that the firewalls are configured for VPN failover, so they are aware of the different networks and will send the traffic through the VPN, but then the return traffic will go out the other office's firewall and would be rejected by the stateful table. So what I really need to figure out is how to NAT just the destination IP when the traffic is coming from and going to

Obviously I know how to change the source IP address based on conditions, but I can't figure out how to do the destination address with conditions. Any help would be appreciated. Let me know if you have any questions.

Marwan ALshawi Sat, 12/26/2009 - 23:00

I will assume you have all the NATing in the first router and second router working except the third one, where you want to do NATing only if the source and destination are the following: =>

Just do the following steps:

access-list 100 permit ip host host

ip nat pool pool1 prefix-length 24  .. I am assuming this subnet is 24 (use the correct one)

route-map NAT1

match ip address 100

ip nat inside source route-map NAT1 pool pool1 overload

Only make sure that you have ip nat inside under the interface where the traffic will come in, and configure the exit interface with ip nat outside.

good luck

if helpful Rate
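The steps in the reply above, written out as one complete IOS configuration. This is an added example, not configuration from the original thread or from either poster; every address, the pool range and the interface names are placeholders taken from the RFC 5737 documentation ranges, since the real values were stripped from the page.

```cisco
! Added example (not from the original post): the reply's route-map NAT steps as a
! complete IOS configuration. Addresses, pool range and interface names are
! placeholders (RFC 5737 documentation ranges); substitute the real ones.
!
! Interface where the T1 traffic arrives: must carry "ip nat inside"
interface Serial0/0
 description T1 from other office (placeholder) - NAT inside
 ip address 192.0.2.1 255.255.255.252
 ip nat inside
!
! Exit interface towards the LAN / firewall: must carry "ip nat outside"
interface FastEthernet0/0
 description LAN side (placeholder) - NAT outside
 ip address 198.51.100.1 255.255.255.0
 ip nat outside
!
! Extended ACL: match ONLY the one source/destination pair that should be translated.
! 192.0.2.2     = source address set by the second router (placeholder)
! 203.0.113.115 = destination address produced by the firewall (placeholder)
! Anything the ACL does not permit is forwarded untranslated.
access-list 100 remark placeholder pair; add one line per pair that must be translated
access-list 100 permit ip host 192.0.2.2 host 203.0.113.115
!
! Pool the matched traffic is translated to (placeholder range; the reply assumes a /24,
! set prefix-length to the real subnet)
ip nat pool pool1 198.51.100.10 198.51.100.20 prefix-length 24
!
! Route-map ties the ACL to the translation. IOS defaults to "permit 10" when the
! sequence is omitted, as in the reply; it is written out here for clarity.
route-map NAT1 permit 10
 match ip address 100
!
! Translation applied only to packets the route-map permits
ip nat inside source route-map NAT1 pool pool1 overload
!
! Checks after applying:
!   show ip nat translations   - entries should appear only for the matched pair
!   show ip nat statistics     - confirms which interfaces are inside/outside and hit counts
!   debug ip nat               - per-packet translation decisions (lab use only)
```

A point worth checking before relying on this: "ip nat inside source" rewrites the source address of packets travelling from the inside interface to the outside interface (and the destination address of the matching return packets), with the ACL evaluated on the pre-translation source and destination. The two "show" commands listed in the comments are the quickest way to confirm that only the intended pair is being translated and that nothing else on the router's interfaces is picked up.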

