Solved: Is this possible using NAT?

ictunit12 · ‎04-19-2012

Hello,

This is my first post and I hoped that someone could point me in the right direction.

Is there a method for translating all destination port 80 traffic from any hosts on a given subnet, to a different ip address and port? For example, a client attempts to make a connection to destination ip address 10.1.1.200 on port 80, is it possible to NAT this destination address to 10.4.5.50 on port 8080 instead? I know that something similar can be done for static NAT on a one-to-one basis, but is there a way of doing this for the whole subnet? The reason for this is to force some of our guest devices (such as iPads) to go through a transparent proxy without the guests having to configure their web browser to point at a proxy directly. As the web traffic from these devices would naturally try to connect to a destination port of 80, we want it to be the ip address and port of the transparent proxy instead, but done without the user having to change anything.

Hope that makes some sense, if anyone has a clue what I am trying to achieve, any comments would be appreciated.

Cheers

Dan-Ciprian Cicioiu · ‎04-19-2012

Hi ,

The easiest way is to use , PBR.

ip access-li ex ACL-WWW

permit tcp client-class/ip any eq http

permit tcp client-class/ip any eq https

route-map RM-WWW

match ip address ACL-WWW

set ip next-hop

interface CLIENT

ip policy route-map RM-WWW

Dan

View solution in original post

Dan-Ciprian Cicioiu · ‎04-19-2012