
How to Bypass NAT (MASQ)?

tophpayas
Level 1

Is it possible to bypass NAT_MASQ on a Cisco router?

Here's my proposed network diagram:

Bypass NAT.jpg

--

thanks, thanks!

Toph Payas


lgijssel
Level 9

Yes, this is possible.

You can tweak the NAT rules in many ways. However, from your scheme it looks like the internet router is not on a NAT outside interface.

We need to see the config in order to give more detailed hints.

regards, Leo

tophpayas
Level 1

Hi Leo,

Thanks for the immediate response. What do you mean by "internet router is not on a NAT outside"?

Attaching another jpeg for your reference:

--

thanks, thanks!

Toph Payas

lgijssel
Level 9

Your internet access is at 192.168.1.2; this is the same network as your def-gw (1.1).

To perform NAT in the router, traffic needs to pass through it.

From a NAT inside to a NAT outside interface, to be precise.

Regards,

Leo

Hi Leo,


My concern:

Filtering on my firewall is not working because it is only seeing the MAC address of the Def GW (192.168.1.1).

Any workaround for this scenario?

--

thanks, thanks!

Toph Payas

lgijssel
Level 9

You can still filter on IP addresses...

Or enable ICMP redirects on the router. This will make the clients send their internet traffic directly to the firewall.

Regards,

Leo

Hi Leo,

Please provide steps on how to enable ICMP redirects on a Cisco router.

--

thanks, thanks!

Toph L. Payas

Hi,

Sorry but I was posting from my mobile and on that I find it cumbersome to add links or do other things than just enter text.

Now I have started a laptop and I hope the link below will answer your question:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094702.shtml#howitworks

Please rate helpful posts!

Regards,

Leo

Hi Leo,

I'm attaching another file for your reference.

Here's the .pkt for more detailed info.

The flow will be like this:

HO_PC01  >  Default Gateway: HO_Router(192.168.1.1)  >  HO_FIREWALL(Filtering)  >  Internet Cloud

Is it possible that the request from HO_PC01  >  HO_FIREWALL will still have its own identity?

--

thanks, thanks!

Toph L. Payas
