10-27-2009 02:57 PM - edited 03-11-2019 09:32 AM
Hi,
Scenario:
Network: New York = 172.30.7.0/24
Network: Washington = 172.30.8.0/24
Network: California = 172.30.9.0/24
Network: new Location = 172.30.10.0/24
WAN Mesh = MPLS
New York facility (Users, packaging, warehousing, etc.) will be systematically moving to a new Location. Current EDI host resides in New York Facility at IP 172.30.7.200. A new EDI is set up and will be deployed to the new Location and configured with a new 172.30.10.200.
A change to the DNS record will resolve 80% of connectivity issues from LAN devices to the new EDI host. However, there are rogue devices such as handheld scanners statically configured to connect to the Current EDI host IP address rather than FQDN.
I'm looking for some ideas how I can fool or NAT translate on the destination to the 172.30.7.0 host, say 172.30.7.200 when these packets come in from New York, Washington or California. I need these packets to be redirected to 172.30.10.200.
Being that the New York network is a flat 172.30.7.0 subnet, I don't know how I can utilize both the inside and outside interface to accomplish this goal!
Perhaps I would need to create a second routable VLAN (172.30.11.0/24), place the inside interface into the 172.30.7.0 subnet and the outside into the 172.30.11.0/24 subnet, and static route back into the MPLS interface at IP 172.30.7.1, where 172.30.10.0/24 will be found in the BGP routing table?
Thoughts anyone?
Please respond to Jeffrey.Krawczyk@gmail.com
Regards
Jeff
10-27-2009 08:50 PM
Destination nat config is below.
same-security-traffic permit intra-interface
static (inside,inside) 172.30.7.200 172.30.10.200
Assuming you are running PIX/ASA 7.x and above code.
The above static line will U-Turn all traffic destined to 172.30.7.200 arriving on the inside interface out the same interface to 172.30.10.200.
10-29-2009 11:29 AM
Hi Kusankar,
I've tried this and it isn't working. The packet-tracer doesn't have any BLOCKs. I see the global and local address in the logs.
I have this setup in a lab. 172.16.200.103 is my test PC. 172.16.99.35 is my inside global IP mapped to the real address of a HP print server 172.17.100.17.
I'll have to dig deeper, for example check ARP.
If you have any thoughts, please shoot them my way.
Best
Jeff
%PIX-6-302020: Built ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0
%PIX-6-302021: Teardown ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0
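Added example, not part of the thread: a small Python audit of the Built/Teardown ICMP messages quoted above, which lists the clients still reaching a translated (old) address, checks that each gaddr maps to the expected laddr, and reports flows that were built but never torn down. The function name, the `%ASA` prefix handling and the sample lines (modelled on the two log lines in the post, with a second client added) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Matches the two message formats quoted in the post (302020 Built / 302021 Teardown).
LINE_RE = re.compile(
    r"%(?:PIX|ASA)-6-(?:302020|302021): (?P<event>Built|Teardown) ICMP connection for "
    r"faddr (?P<faddr>[\d.]+)/\d+ gaddr (?P<gaddr>[\d.]+)/\d+ laddr (?P<laddr>[\d.]+)/\d+"
)

def audit_translations(lines, expected):
    """expected maps global (old) address -> real (new) address.

    Returns (clients, mismatches, unclosed):
      clients    - {gaddr: sorted list of source hosts that used it}
      mismatches - (faddr, gaddr, laddr) tuples whose laddr is not the expected one
      unclosed   - flows with a Built line but no matching Teardown
    """
    clients = defaultdict(set)
    mismatches = []
    open_flows = defaultdict(int)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore unrelated syslog messages
        flow = (m["faddr"], m["gaddr"], m["laddr"])
        if m["event"] == "Built":
            clients[m["gaddr"]].add(m["faddr"])
            open_flows[flow] += 1
            if expected.get(m["gaddr"]) != m["laddr"]:
                mismatches.append(flow)
        else:
            open_flows[flow] -= 1
    unclosed = sorted(f for f, n in open_flows.items() if n > 0)
    return {g: sorted(c) for g, c in clients.items()}, mismatches, unclosed

# Constructed sample input: the first two lines follow the post, the rest are made up.
SAMPLE = [
    "%PIX-6-302020: Built ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0",
    "%PIX-6-302021: Teardown ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0",
    "%PIX-6-302020: Built ICMP connection for faddr 172.16.200.104/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0",
    "some unrelated syslog line",
]

if __name__ == "__main__":
    clients, mismatches, unclosed = audit_translations(SAMPLE, {"172.16.99.35": "172.17.100.17"})
    print("clients still using translated address:", clients)
    print("unexpected translations:", mismatches)
    print("built but not torn down:", unclosed)
```

Run against a real syslog export, the `clients` result is the inventory of statically configured devices that still target the old address.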