05-26-2014 05:02 AM - edited 03-04-2019 11:01 PM
Hi,
I am trying to figure out destination NAT for all DNS traffic, where the destination address can be any public IP traversing through the router, and it should get NATted to a specific IP address located on the network present out of the outside interface.
The iptables equivalent configuration is:
iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port
Can we have a configuration in Cisco where it just NATs the destination IP address of any UDP traffic on port 80 or 53?
Thanks in advance
Hitesh
05-27-2014 06:47 AM
Hello
Something like this?
access-list 100 permit udp any eq 80 any eq 80
access-list 100 permit udp any eq 53 any eq 53
or
access-list 100 permit udp any eq 80 host x.x.x.x (public ip) eq 80
access-list 100 permit udp any eq 53 host x.x.x.x (public ip) eq 53
ip nat pool LOCAL 192.168.1.1 192.168.1.1 prefix-length 24
ip nat outside source list 100 pool LOCAL
res
Paul
05-28-2014 12:13 AM
Hi Paul,
Thanks for your reply, I tried it and it worked OK.
The access-list has to be as below:
access-list 101 permit tcp any any eq telnet
and it matches the traffic from inside to outside and outside to inside as well.
Thanks for the hint!
Cheers
Hitesh
05-28-2014 07:23 AM
Hi There,
I tried this in production but when traffic is travelling from inside to outside the destination is not translating.
Any pointers?
TIA
Hitesh