Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
0
Helpful
1
Replies

routing-decision based on flows?

tbandion
Level 1
Level 1

‎09-19-2005 07:25 AM - edited ‎03-03-2019 12:05 AM

Is there a feature, that allows for servers (LAN 2) located in a network with RFC1918 addresses to be addressed with their real address as well with a NAT-address?

The traffic flows from above (internet, net1, net2) through the device in the middle to the server.

We would need a device x (or couple of devices) that is/are able to determine the route back to the networks above based on the interface they received the packet initiating the flow. This device would have to be flow-aware, as the servers don't know if they have been addressed using their real address or their NAT-address. It should route back the answer packets to the above networks (internet, net1, net2) either on the interface where they are NATted or on the other interface where they are NOT NATted.

Again:

Scenario A:

- host1 in net1 is addressing the real address of a server1 in LAN2

- router2 routes the packet to the address in the NO-NAT-path (address a1)

- device x forwards the packet to the destination server1

- the destination server1 sends his answer to device x

- device x knows that the packet belongs to the flow started by the host1 in net1 using the NO-NAT-path (a1) and forwards it back to net1 via router2

Scenario B:

- host1 in net1 is addressing the NAT-address of a server1 in LAN 2

- router2 routes the packet to the address in the NAT-path (address a2)

- device x NATs the packet and forwards it to the destination server1

- the destination server1 sends his answer to device x

- device x knows that the packet belongs to the flow started by the host1 in net1 using the NAT-path (a2), NATs it and forwards it back to net1 via router2

The challenge is that the same server in LAN 2 should be addressable using either the real address OR the NAT-address. Normally the xlate-table allows only one entry for an ip-address.

Another challenge: what happens to flows initiated from LAN2 to net1 or the internet? It should be possible to define a default-behaviour like: "always use the NAT-address for outbound connections".

internet net1

| |

router1 router2

| |

|---+---------+-+---+---------| LAN 1

| |

NO-NAT-path | | NAT-path

a1| |a2

+-+-+-+

| x |

+--+--+

|

|--RFC1918-----+---servers----| LAN 2

Does such a device/feature exist or is this only hypothetical?

Kind regards,

Thomas

Labels:
0 Helpful
1 Reply 1

tbandion
Level 1
Level 1

‎09-20-2005 11:33 AM

Sorry my little drawing got mangled. I've attached it.

Preview file
1 KB
0 Helpful
Customers Also Viewed These Support Documents