
Can we do source and destination NAT on the same public IP while having different private IP addresses?

Hi

I have a scenario where I have 172.16.16.12; it is for source and will translate to 94.56.x.x

and if any traffic is coming from the Internet to 94.56.X.x, it translates to 172.16.16.11

Kindly keep in mind 94.56.X.X should be the same at the time of source NATting and destination NATting

Thanks

3 Replies

Neeraj Arora
Level 3

Hi Faizan,

You can use the same public IP for outgoing traffic (towards the Internet) and for incoming traffic from the Internet ONLY IF you can narrow down the ports that would be used from the Internet while coming into your network with destination 94.56.x.x.

For example:

access-list 100 permit ip host 172.16.16.12 any

ip nat pool test 94.94.94.94  94.94.94.94 prefix-length 32

ip nat inside source list 100 pool test  overload

ip nat inside source static tcp 172.16.16.11 80  94.94.94.94 80

ip nat inside source static tcp 172.16.16.11 443  94.94.94.94 443

In the above config, whenever host 172.16.16.12 goes out to the Internet for browsing, it will use the public IP, but when someone tries to access this public IP address from the Internet on either port 80 or 443, it will send the traffic to 172.16.16.11.

Note: in the above config, 172.16.16.11 cannot initiate any sessions out to the Internet; it can only respond to sessions initiated by an Internet user accessing 94.94.94.94 on port 80/443.

Hope the above explanation clears your doubt.

Neeraj
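Added example, not part of the original thread and not Cisco code: a simplified Python model of the lookups the config above sets up, showing how one public IP is shared by port between the PAT host and the static port forwards. The class `Nat`, the port allocator starting at 1024, and the rule that a dynamic entry only admits return traffic from the peer that was contacted are assumptions of this model, not a description of IOS internals.

```python
# Simplified model of the translation lookups in the config above (added example).
PUBLIC = "94.94.94.94"
ACL_100 = {"172.16.16.12"}                       # access-list 100: hosts allowed to use PAT
STATIC = {("tcp", 80): ("172.16.16.11", 80),     # ip nat inside source static tcp ... 80
          ("tcp", 443): ("172.16.16.11", 443)}   # ip nat inside source static tcp ... 443


class Nat:
    def __init__(self):
        self.dynamic = {}        # (proto, public_port) -> (inside_ip, inside_port, remote)
        self.next_port = 1024    # constructed allocator; real routers choose ports differently

    def outbound(self, proto, src_ip, src_port, remote):
        """Inside -> outside: return (public_ip, public_port), or None if untranslated."""
        # A static entry also translates the server's replies (source port 80/443).
        for (p, pub_port), inside in STATIC.items():
            if p == proto and inside == (src_ip, src_port):
                return PUBLIC, pub_port
        if src_ip not in ACL_100:
            return None          # no static match and not permitted by the ACL
        while (proto, self.next_port) in STATIC or (proto, self.next_port) in self.dynamic:
            self.next_port += 1  # never hand out a port reserved by a static entry
        port = self.next_port
        self.dynamic[(proto, port)] = (src_ip, src_port, remote)
        return PUBLIC, port

    def inbound(self, proto, remote, dst_port):
        """Outside -> PUBLIC:dst_port: return (inside_ip, inside_port), or None."""
        if (proto, dst_port) in STATIC:
            return STATIC[(proto, dst_port)]     # open to any Internet source
        entry = self.dynamic.get((proto, dst_port))
        if entry and entry[2] == remote:         # model assumption: contacted peer only
            return entry[0], entry[1]
        return None
```

The static entries are the only part of the public IP that unsolicited Internet traffic can reach, so the exposed surface is exactly the forwarded ports on 172.16.16.11.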

Neeraj

Thanks for the reply. Actually, I will elaborate more: I have a MAIL-SERVER.

Below is my Traffic flow

For outgoing Private IP 172.16.16.12

For incoming  Private IP 172.16.16.11

Public IP only one :94.56.X.X

Email Gateway to Internet

Send Email---------->Email Gateway(  172.16.16.12)-------->94.56.X.X............>Internet (Source natting)

Internet to Email Gateway

User<----------Email Gateway(  172.16.16.11)<--------94.56.X.X<..........Internet  (Destination natting)

Below is my configuration; if anything is missing, kindly correct me.

-----------------------------Source NAT: traffic coming from Inside to Outside

ip nat pool POOL4 94.56.X.X 94.56.200.39 netmask 255.255.255.0

ip access-list extended Mail-2

permit ip host 172.16.16.14 any

ip nat inside source list Mail-2 pool POOL4 overload

ip nat inside source static tcp 172.16.16.14 25  94.56.X.X 25

-----------------------Destination NAT: traffic coming from Internet to Inside-------------------------------------------

ip nat pool POOL3 172.16.16.13 172.16.16.13 netmask 255.255.255.0 type rotary

ip nat inside destination list Inside2 pool POOL3

ip access-list extended Inside2

permit tcp any host 94.56.X.X eq smtp

Thanks

Sorry, I need to change the IPs

For outgoing Private IP 172.16.16.14

For incoming  Private IP 172.16.16.13

Public IP only one :94.56.X.X

Email Gateway to Internet

Send Email---------->Email Gateway(  172.16.16.12)-------->94.56.X.X............>Internet (Source natting)

Internet to Email Gateway

User<----------Email Gateway(  172.16.16.11)<--------94.56.X.X<..........Internet  (Destination natting)

Below is my configuration; if anything is missing, kindly correct me.

-----------------------------Source NAT: traffic coming from Inside to Outside

ip nat pool POOL4 94.56.X.X 94.56.X.X netmask 255.255.255.0

ip access-list extended Mail-2

permit ip host 172.16.16.14 any

ip nat inside source list Mail-2 pool POOL4 overload

ip nat inside source static tcp 172.16.16.14 25  94.56.X.X 25

-----------------------Destination NAT: traffic coming from Internet to Inside-------------------------------------------

ip nat pool POOL3 172.16.16.13 172.16.16.13 netmask 255.255.255.0 type rotary

ip nat inside destination list Inside2 pool POOL3

ip access-list extended Inside2

permit tcp any host 94.56.X.X eq smtp

Thanks
