Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to Bypass NAT (MASQ)?

Is possible to bypass NAT_MASQ in Cisco Router?

Here's my proposed network diagram:

Bypass NAT.jpg

--

thanks, thanks!

Toph Payas

Everyone's tags (4)
8 REPLIES

Re: How to Bypass NAT (MASQ)?

Yes, this is possible.

You can tweak the nat rules in many ways. However, from your scheme it looks like the internet router is not on a nat outside interface.

We need to see the config in order to give more detailed hints.

regards, Leo

New Member

Re: How to Bypass NAT (MASQ)?

Hi Leo,

Thanks for the immediate response, what do you mean by internet router is not on a NAT outside?

Attaching another jpeg for your reference:

--

thanks, thanks!

Toph Payas

Re:How to Bypass NAT (MASQ)?

Your internet access is at 192.168.1.2, this is the same network as your def-gw (1.1)

To perform nat in the router, traffic needs to pass through it.

From a nat inside to a nat outside interface to be precise.

Regards,

Leo

New Member

Re:How to Bypass NAT (MASQ)?

Hi Leo,


My concern:

Filtering on my firewall is not working because it only seeing the MAC Address of Def GW(192.168.1.1).

any work-around for this scenario?

--

thanks, thanks!

Toph Payas

Re:How to Bypass NAT (MASQ)?

You can still filter on ip addresses...

Or enable icmp redirects on the router. This will make the clients send their internet traffic directly to the firewall.

Regards,

Leo

New Member

Re:How to Bypass NAT (MASQ)?

Hi Leo,

Please provide steps on how to enable ICMP redirects on Cisco Router?

--

thanks, thanks!

Toph L. Payas

How to Bypass NAT (MASQ)?

Hi,

Sorry but I was posting from my mobile and on that I find it cumbersome to add links or do other things than just enter text.

Now I have started a laptop and I hope the link below will answer your question:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094702.shtml#howitworks

Please rate helpful posts!

Regards,

Leo

New Member

Re: How to Bypass NAT (MASQ)?

Hi Leo,

I'm attaching another file for your reference, .

Here's the .pkt for a more details info.

The flow will be like this:

HO_PC01  >  Default Gateway: HO_Router(192.168.1.1)  >  HO_FIREWALL(Filtering)  >  Internet Cloud

Is it possible that the request from HO_PC01  >  HO_FIREWALL will still be his own identity?

--

thanks, thanks!

Toph L. Payas

937
Views
0
Helpful
8
Replies