Re: Destination NAT or Hide NAT

NeWGuy1109 · ‎08-21-2019

Hello,

I have a doubt while doing Destination NAT or Hide NAT for Multiple IPS.

Suppose - 192.168.1.1-10 --> 10.10.10.11 & 10.10.10.12 on port 80

I want 192.168.1.1-10 to hit 2.2.2.2 and that will get translated to 10.10.10.11 & 10.10.10.12

My Question is can i use a single NAT ip for both these destinations ? Suppose one of the IPs makes a connection to 10.10.10.11 with NAT IP 2.2.2.2 , will another connection be successful with only one NAT IP and same port ?

Georg Pauwen · ‎08-21-2019

Hello,

it is unclear what you are trying to accomplish:

You want 192.168.1.1 thru 192.168.1.10 translated to 2.2.2.2 first, and then to either 10.10.10.11, or 10.10.10.12 ? All IP addresses are configured on the same router ?

paul driver · ‎08-21-2019

Hello

@NeWGuy1109 wrote:

Hello,

I have a doubt while doing Destination NAT or Hide NAT for Multiple IPS.

Suppose - 192.168.1.1-10 --> 10.10.10.11 & 10.10.10.12 on port 80

I want 192.168.1.1-10 to hit 2.2.2.2 and that will get translated to 10.10.10.11 & 10.10.10.12

My Question is can i use a single NAT ip for both these destinations ? Suppose one of the IPs makes a connection to 10.10.10.11 with NAT IP 2.2.2.2 , will another connection be successful with only one NAT IP and same port ?

Sounds like you may need to LB your nat but to clarify
192.168.1.1 -10 are you inside local addresses (lan)
10.10.10.11-12 are you inside global addresses (wan)
2.2.2.2 is a public ip address that you want to reach and is reachable from 10.10.10.11-12

Example of possible NAT LAB
access-list 100 permit tcp host 10.10.10.11 any eq 80
access-list 100 permit tcp host 10.10.10.12 any eq 80
ip nat pool LB 192.168.1,1 192.168.1.10 prefix-length 24 type rotary

ip nat inside destination list 100 pool LB

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

NeWGuy1109 · ‎08-21-2019

Hi,

Its a multi Tenant Environment where the Source Address are a group of 192.168.1.1-10 (10 IPs) and they need to reach the Destination 10.10.10.11 and 12.

But there is a restriction for traffic flow with respect to these subnets , so i want to DNAT/HideNAT the Destinations behind the routable 2.2.2.2. But the Problem is that i feel DNAT is one to one only and if i assign a single NAT IP to 2 Destinations it might not work for both of them

Thanks

paul driver · ‎08-22-2019

Hello

So the 10.10.10.11-12 are outside your lan network and visibility into your network is for these hosts is to hit 2.2.2.2 correct
hosts >10.10.10.11-12 <--> 2.2.2.2 <nat lan>192.168.1.1 -10

So if the above is correct and the example i provided previously traffic from those two host should load balance to your lan host in the nat pool

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

NeWGuy1109 · ‎08-28-2019

Thanks for the reply...

For a better understanding suppose there is a following Static NAT rule .

Source - 192.168.1.1 Destination 10.10.10.1-10 Translated Source - Same Translated Destination 10.80.25.1-10

So in this case each IP for Destination 10.10.10.X will be translated to 10.80.25.X for each individual communication ?