Cisco 1841 NAT question

nickspender
Level 1

Hello All

This is my first post :) go easy on me.

I have an old Cisco 1841 running 15.1(4). This acts as our router for VoIP phones. I have two simple NAT rules shown below:

ip nat inside source list INTERNET interface FastEthernet0/0 overload - This NAT allows internet access 
ip nat inside source static tcp 192.168.0.201 3389 interface FastEthernet0/0 3389 - This NAT allows public access via RDP to 192.168.0.201.

Now here's my question: obviously when I RDP to our public IP address it is translated to 192.168.0.201. Also, obviously, the RDP session's source IP address will be where the RDP session came from, i.e. my home public IP. Is there any way of fooling the server via a NAT rule to change the originating IP address to, i.e., 192.168.0.150?

Hope this makes sense, I'm sure if it can be done it's pretty simple

Many Thanks

Nick 


Richard Burts
Hall of Fame

Nick

I am not clear why you would want to fool the server into believing that the source address was 192.168.0.150. But if you do this I believe that it creates a problem. If the server believes that the source was 192.168.0.150 then it believes that the source is a local address and it will ARP for that address and attempt to send the response locally. What the server needs to do is to send the response to the router (as its gateway) so the router can translate the addresses.

HTH

Rick

Not sure myself why I want to either, more the fact that I want to see if I can manipulate the source IP using a NAT rule... it's more of a lab test than a production config.

Is the IP address you want to NAT your home IP to a spare IP in the 192.168.0.x subnet ?

Is it just your home IP you want to test this for ?

With IOS overloading outside to inside is not possible so if it is multiple IPs then you would need a NAT pool.

If it is just your home IP though you can use a static translation.

Jon

Yes the server is 192.168.0.200 and I want to RDP to that server as if I was coming from 192.168.0.150

Assuming 192.168.0.150 is not the interface IP on the router -

"ip nat outside source static <public IP> 192.168.0.150 add-route"

Jon

Yes you are correct the IP on the router is a public IP. 

Nick

Not sure what you mean.

The router will have a public IP but also a private IP for its LAN interface.

I was simply saying if the LAN interface is in the 192.168.0.x subnet then the IP you use to translate your home machine's IP cannot be the interface IP.

The public IP in that NAT statement is your home IP.

Jon
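
The rules discussed in this thread, put together as an added configuration example (not part of any poster's reply). Assumptions not taken from the thread: FastEthernet0/1 is the LAN interface at 192.168.0.1/24, the INTERNET access list matches 192.168.0.0/24, and 203.0.113.10 is a constructed placeholder for the home public IP.

```cisco
! Added example, not from the thread. Assumed: Fa0/1 is the LAN interface,
! INTERNET matches the LAN subnet, 203.0.113.10 stands in for the home IP.
interface FastEthernet0/0
 description WAN (public IP)
 ip nat outside
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
ip access-list standard INTERNET
 permit 192.168.0.0 0.0.0.255
!
! The two rules from the original post
ip nat inside source list INTERNET interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.201 3389 interface FastEthernet0/0 3389
!
! Jon's suggested rule: rewrite the source of packets arriving from the home IP.
!   outside global = 203.0.113.10   (real address of the home machine)
!   outside local  = 192.168.0.150  (address the LAN sees instead)
! add-route adds a static route for the outside local address, so replies to
! 192.168.0.150 are routed toward the outside interface and translated back.
ip nat outside source static 203.0.113.10 192.168.0.150 add-route
!
! Inbound RDP packet with both static rules applied:
!   on the WAN: 203.0.113.10:<port>  -> <router public IP>:3389
!   on the LAN: 192.168.0.150:<port> -> 192.168.0.201:3389
!
! Checks from exec mode after opening a session:
!   show ip nat translations
!   show ip route 192.168.0.150
```

With this rule active the server records 192.168.0.150 rather than the real client address, so the router's translation table is the only place the session can be tied back to the home IP.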

Jon Marshall
Hall of Fame

Nick

You can do this and you usually do it when the default gateway of the server is not the L3 device you come in through, i.e. the server would send the return packets to a different L3 device.

Is that the case here ?

If not, as with Rick, not sure why you want to do this.

Jon

nickspender
Level 1

I have a NAT rule for RDP to an internal server from my public IP:

ip nat inside source static tcp 192.168.0.201 3389 interface FastEthernet0/0 3389

I'd like to somehow fool the server via a NAT rule to think that, i.e., 192.168.0.150 is actually making an RDP connection to 192.168.0.201

Kinda make sense