You can use static NAT.
On the router, configure the following:
ip nat inside source static tcp 10.1.100.1 8080 10.1.100.1 80 extendable
where the proxy IP address doesn't change, just the TCP port.
On the interface towards the Proxy server, you need ip nat inside
On the interface towards the clients, you need ip nat outside
Be aware, you can't perform internet NAT on this device and the ASA can be used for internet NAT for your network.
I did a quick lab to test this concept:
R2 (acting as client) <------>R0 (acting as NAT router)<----->R1(acting as proxy listening on port 8080).
R1:
R1#sh run | i http
ip http server
ip http port 8080
no ip http secure-server
R1#sh ip http server status | i 8080
HTTP server port: 8080
Before implementing the NAT, I can only access R1 when telnetting to port 8080 from R2.
It won't work when trying port 80.
R2#telnet 10.1.100.1 80
Trying 10.1.100.1, 80 ...
% Connection refused by remote host
R2#telnet 10.1.100.1 8080
Trying 10.1.100.1, 8080 ... Open
^^
HTTP/1.1 400 Bad Request
Date: Tue, 19 Jan 2010 10:45:16 GMT
Server: cisco-IOS
Accept-Ranges: none
400 Bad Request
I implemented the NAT on R0
R2#telnet 10.1.100.1 8080
Trying 10.1.100.1, 8080 ...
% Connection timed out; remote host not responding
R2#
R2#
R2#telnet 10.1.100.1 80
Trying 10.1.100.1, 80 ... Open
^^xx
HTTP/1.1 400 Bad Request
Date: Tue, 19 Jan 2010 10:46:28 GMT
Server: cisco-IOS
Accept-Ranges: none
400 Bad Request
R0#sh ip nat tr
Pro Inside global Inside local Outside local Outside global
tcp 10.1.100.1:80 10.1.100.1:8080 --- ---
R0#
Regards
Edison
Edit: If you want to use this router for internet NAT, you can change the outside|inside designation on the interfaces and also change the command from
ip nat inside source static tcp 10.1.100.1 8080 10.1.100.1 80 extendable
to
ip nat outside source static tcp 10.1.100.1 8080 10.1.100.1 80 extendable
Message was edited by: Edison Ortiz
