Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
4
Replies

Backwards NAT Many to One

Go to solution
cbrun
Level 1
Level 1

‎05-14-2009 03:33 PM

I have what is apparently a rather unique need. I need to be able to have host A think it is communicating with 250 different IP addresses, yet they are all the same device. All the examples I have seen want to hit one address and convert it to many NAT'd addresses. I want to take many NAT'd addresses and convert it to a single address.

For example, any packet inbound to the router for address between 10.1.1.1-10.1.1.250 needs to be NAT'd to a single address 10.2.2.1.

I've tried multiple ip nat inside source statments with the same NAT address, but the router rejects that. Attempting to use pools (at least my attempt) has been fruitless. Has anyone done this??

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
darkbeatzz
Level 1
Level 1

‎05-15-2009 01:58 AM

if you were to use different port numbers for each nat statement it would be possible but what you are trying to is not to my knowledge.

explain why you are doing this? there could be a better way

View solution in original post

0 Helpful
4 Replies 4

Go to solution
darkbeatzz
Level 1
Level 1

‎05-15-2009 01:58 AM

if you were to use different port numbers for each nat statement it would be possible but what you are trying to is not to my knowledge.

explain why you are doing this? there could be a better way

0 Helpful

Go to solution
cbrun
Level 1
Level 1
In response to darkbeatzz

‎05-15-2009 02:56 AM

As an explaination. We want to test host A's capabilities to communicate with 250 different target devices. However, we physically only have one target device (and it does not support multiple IP addresses). So the theory was to set up NAT to have host A think it is communicating with 250 different IP addresses, yet they are all sent to the same target address. I need NAT to make sure the source address is changed on the response packets back to host A to complete the deception!

...and thanks, I will try the port number suggestion.

0 Helpful

Go to solution
cbrun
Level 1
Level 1
In response to cbrun

‎05-15-2009 04:58 AM

Thanks ... adding the ports worked!

ip nat inside source static tcp 106.40.196.3 3389 106.40.197.1 3389 extendable

ip nat inside source static tcp 106.40.196.3 3389 106.40.197.2 3389 extendable

ip nat inside source static tcp 106.40.196.3 3389 106.40.197.3 3389 extendable

...

ip nat inside source static tcp 106.40.196.3 3389 106.40.197.250 3389 extendable

0 Helpful

Go to solution
darkbeatzz
Level 1
Level 1
In response to cbrun

‎05-15-2009 05:59 AM

excellent!

0 Helpful
Customers Also Viewed These Support Documents