That is a great idea actually.

I will then nat the destination of the dialer to the host, and nat the source to another IP address (x.x.x.x) and then route it to the dialer. that's sounds good.

how is the command's syntax goes?

I have already ip nat inside source static tcp y.y.y.y 3389 interface Dialer0 3389

what else should I do for this?

Thanks alot.

(int vlan 1 - ip nat inside - the host)

(int dialer0 - ip nat outside - Wan1).

edit:

I will then have to configure the outside global ip address manually, wont I?

and I dont know it, it always changes.

correcr me if I'm wrong.

Tnx.

Actually you can get away with NATing only the source addresses incoming from dialer-interface to say 10.200.x.x/16. Incoming sources from Ethernet interface can still go out the same way.

The solution would work only if deNAT occurs AFTER routing decision has taken place in router logic flow.

You'll have to use 'ip nat ouside source' for NAT. This link may be helpful:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml

Rais.

this is very helpful and very intresting (I didnt know about the add route command after ip nat outside).

I'll try it tommorow and update.

Tnx alot for now.

ok rais, thank you very much. it worked.

thank you for your great help.

edit:

BTW, the add route command after the nat outside didnt work, so I had to make a PBR for that.

do you have any idea why it didn't add it to the routing table?

as you can see here:

212.199.78.54 - global outside.

10.99.99.1 - Outside local

the nat takes place but the route doesnt.

ip nat outside source list SOURCE pool NATPOOL add-route

ip access-list extended SOURCE

permit tcp any host 80.179.39.165 eq 3389

ip nat pool NATPOOL 10.99.99.1 10.99.99.255 netmask 255.255.255.0

dodimat#sh ip nat translations | i 10.99.99
--- ---                   ---                   10.99.99.1            212.199.78.54
tcp 80.179.39.165:3389    80.179.123.234:3389   10.99.99.1:11469      212.199.78.54:11469
dodimat#sh ip route                       
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 80.179.255.157 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 80.179.255.157, 1d15h
      80.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        80.179.39.165/32 is directly connected, Dialer0
C        80.179.123.232/29 is directly connected, Vlan1
L        80.179.123.233/32 is directly connected, Vlan1
C        80.179.255.156/30 is directly connected, FastEthernet4
L        80.179.255.158/32 is directly connected, FastEthernet4
      212.199.17.0/32 is subnetted, 1 subnets
C        212.199.17.65 is directly connected, Dialer0

and is there any possibility that the router will route the packet back to the interface which it came from? without natting?

Yes, you can use vrfs/vpnv4 routes.

Thanks.

could you please explain? or redirect me to a url with explanation?

This may be a rather extensive change for your network.

Here is the link. You can think of your two interfaces as customers with 0/0 space.

HTH.

ok I know what is a VRF.

but let's say an end customer, only has 1 router with 2 wan interfaces.

how a vrf on the router will help me solve the problem of rouing the packet back the interface it came from.

there are only 3 interfaces.

WAN1

WAN2

VLAN1 - LAN.

if I'll configure

int WAN2

ip vrf forwarding XXX

how will it help me?

You will have to put your servers in at least two vrfs as well and exchange vpnv4 routes.

Thanks.

Message was edited by: RAIS AHMAD