Destination NAT based on source subnet

rkatarzy · ‎12-06-2013

I am in a situation where the provider is advertising 2 subnets via the Mobistar router. I cannot do any changes on this Mobistar router.

-C4 is in Subnet 10.10.10.0/24

-C3 is in Subnet 10.10.11.0/24

RouterANT is a router on a stick towards SW3, and handles the traffic from C4 & C3 to the Mobilink_server(10.0.0.1/24).

This is the situation I want to have:

-C3 (10.10.11.1) needs to connect to VDCMobilink(192.168.0.1) instead of Mobilink_server(10.0.0.1/24). I need to NAT the destination traffic for 10.0.0.1 to 192.168.0.1

-But the traffic from C4 towards the Mobilink_server can not be translated and must remain unharmed.

-The only place I can change configuration is RouterANT

Is this possible? And how can I accomplish this?

Jon Marshall · ‎12-06-2013

Firstly i do not have a router to test this on so you try it at your own risk ie. if it stops communication within your network don't hold me responsible.

The interface on RouterANT that the traffic from 10.10.11.1 arrives on should have "ip nat outside" configured on it. The interface connecting to the VDCMobilink server should be "ip nat inside". The rest of the config -

ip nat inside source static 192.168.0.1 10.0.0.1 route-map NAT extendable

access-list 101 permit ip host 192.168.0.1 10.10.11.1

route-map NAT permit 10

match ip address 101

What this should do is only translate 192.168.0.1 to 10.0.0.1 when communicating with 10.10.11.1

As i say, no guarantees because i can't test it so i would do it out of hours if you can.

Jon

rkatarzy · ‎12-06-2013

Hi Jon,

Thanks for the reply. I justed tested this in GNS, but the destination traffic orginating from 10.10.10.0/24 is also translated to the destination ip 192.168.0.1.

Regards

Raf

Jon Marshall · ‎12-06-2013

Raf

What do you mean. Can you give me an example ?

Jon

rkatarzy · ‎12-06-2013

Jon,

I mean that the traffic originating from 10.10.10.1/24 an 10.10.11.1/24 has a destination translation 10.0.0.1 ->192.168.0.1

traffic from 10.10.10.1/24 should go to 10.0.0.1 directly.

A extra comment: traffic from 10.10.10.1 and 10.10.11.1 arrives on the same interface on RouterANT. that interface has "ip nat outside" configured on it.

Regards

Raf

Jon Marshall · ‎12-06-2013

Raf

Sorry, there was a typo in my acl. Instead of -

access-list 101 permit ip host 192.168.0.1 10.10.11.1

it should be -

access-list 101 pernit ip host 192.168.0.1 host 10.10.11.1

Jon

rkatarzy · ‎12-06-2013

Hi Jon,

A typo is not possible in a router ;), I added the entire subnet.

access-list 101 permit ip host 192.168.0.1 10.10.11.0 0.0.0.255

Regards

Raf

Jon Marshall · ‎12-06-2013

Raf

Then i can't see why it would tranlsate the 10.10.10.0/24 network as well because that is not allowed in the acl.

Jon

rkatarzy · ‎12-08-2013

Hi Jon,

Even with a deny any any on access-list 101, the translation goes through. Very strange.

Regards

Raf K