How to use "Ip nat inside destination" - Basic understanding

Neeraj Arora · ‎11-26-2009

IP NAT INSIDE DESTINATION:- (TCP load balancing)

When to be used:: Multiple Inside Devices are Identical Servers with Mirrored Content, which from the Outside Appear to be a Single Server

We define a pool of addresses containing the real hosts' addresses ending with "type rotary" making the servers available in round-robin fashion. The access list now permits the IP address of the virtual host, i.e. what the outside world thinks is the host address. So the virtual host is 199.198.5.1 (or any public ip address that is being used to host the servers), with the real hosts being 192.168.1.2 through 4.

interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial0
ip address 207.35.14.82 255.255.255.252
ip nat outside
!
ip nat pool V-Server 192.168.1.2 192.168.1.4 prefix-length 24 type rotary
ip nat inside destination list 1 pool V-Server
!
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 1 permit 199.198.5.1
!

Router#show ip nat translations
Pro Inside global   Inside local    Outside local   Outside global
tcp 199.198.5.1:23   192.168.1.2:23   203.1.2.3:11003 203.1.2.3:11003
tcp 199.198.5.1:23   192.168.1.4:23   135.88.131.55:11002 135.88.131.55:11002
tcp 199.198.5.1:23   192.168.1.3:23   118.50.47.210:11001 118.50.47.210:11001
tcp 199.198.5.1:23   192.168.1.2:23   191.115.37.2:11000 191.115.37.2:11000
Router#

**NOTE:- This translation is not bi-directional in nature. We will have to use a one to one static NAT to accomplish it. A "ip nat inside source static" kind of funtionality can be achieved with the above configuration using a single address in the NAT pool, but that would only work for outside to inside traffic.