cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How to use "Ip nat inside destination" - Basic understanding

3656
Views
0
Helpful
0
Comments

     

     

     

     

    IP NAT INSIDE DESTINATION:- (TCP load balancing)

     

    When to be used:: Multiple Inside Devices are Identical Servers with Mirrored Content, which from the Outside Appear to be a Single Server

     

    We define a pool of addresses containing the real hosts' addresses ending with "type rotary" making the servers available in round-robin fashion. The access list now permits the IP address of the virtual host, i.e. what the outside world thinks is the host address. So the virtual host is 199.198.5.1 (or any public ip address that is being used to host the servers), with the real hosts being 192.168.1.2 through 4.

     

    interface Ethernet0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    !
    interface Serial0
    ip address 207.35.14.82 255.255.255.252
    ip nat outside
    !
    ip nat pool V-Server 192.168.1.2 192.168.1.4 prefix-length 24 type rotary
    ip nat inside destination list 1 pool V-Server
    !
    ip route 0.0.0.0 0.0.0.0 Serial0
    !    
    access-list 1 permit 199.198.5.1
    !

    Router#show ip nat translations
    Pro Inside global   Inside local    Outside local   Outside global
    tcp 199.198.5.1:23   192.168.1.2:23   203.1.2.3:11003  203.1.2.3:11003
    tcp 199.198.5.1:23   192.168.1.4:23   135.88.131.55:11002 135.88.131.55:11002
    tcp 199.198.5.1:23   192.168.1.3:23   118.50.47.210:11001 118.50.47.210:11001
    tcp 199.198.5.1:23   192.168.1.2:23   191.115.37.2:11000 191.115.37.2:11000
    Router#


    **NOTE:- This translation is not bi-directional in nature. We will have to use a one to one static NAT to accomplish it. A "ip nat inside source static" kind of funtionality can be achieved with the above configuration using a single address in the NAT pool, but that would only work for outside to inside traffic.