
Multiple NAT statements which direct to unique IP's, depending on source?

tylerlucas
Level 1

I need to create two NAT statements and allow RDP connectivity.

One user needs to RDP to a particular computer inside the network (.114), and another user needs to RDP to a different computer (.177). Each user will be RDP'ing from their home locations.

How can I create NAT statements to automatically re-direct, depending on source IP? Both are on their own private networks, so I'm guessing overloading is required.

ie:

User1 was already able to RDP:

access-list ACL1 extended permit tcp host USER1_EXT_IP host 192.168.201.114 object-group RDPGroup

static (Internal-201,ELI-External) tcp interface 3389 192.168.201.114 3389 netmask 255.255.255.255

Now I need to add the new user, who wants to RDP to a different IP:

access-list ACL2 extended permit tcp host USER2_EXT_IP host 192.168.201.177 object-group RDPGroup

static (Internal-201,ELI-External) tcp interface 3389 192.168.201.177 3389 netmask 255.255.255.255

Obviously, this wouldn't work, because the two NAT statements would clash. What alternatives do I have? (VPN isn't an option)


Yeah, very strange.

The ACL's seem to be doing fine, the problem is with NAT.

This works:

static (Internal-201,ELI-External) tcp interface 3389 192.168.201.177 3389 netmask

This doesn't:

static (Internal-201,ELI-External) tcp HQ_EXT_IP 3389 192.168.201.177 3389 netmask 255.255.255.255

jaravinthan
Level 1

To make things clear, I assume you have only one public IP, which should be used for both servers. You use the public IP assigned to the outside interface.

This could be achieved if the Source Public IP is static.

By having NAT bound with ACL's.

The destination has more than one public IP.

The source IP is static. How exactly would I bind the NAT/ACL?
