
IP NAT when you have 2 destination IPs NAT to same destination

ventusriva
Level 1

I have a solution I need to configure where I need to do a destination NAT translation from two IP addresses using the same port to one destination IP address using the same port. See example below.

destination ip 10.1.1.1 and port 1000 nat to 20.1.1.1 and port 1000

destination ip 10.2.2.2 and port 1000 nat to 20.1.1.1 and port 1000

Which is the best practice for this?

Interfaces: gig0/0 ethernet would be the source side, and 2 tunnel interfaces would be the outside where all destinations reside.

5 Replies

Hello
Can you elaborate please: is host 200.1.1.1 the public IP address you own which you would like to use for DNAT, or is it just a specific external host wanting to access those two internal hosts on the same ports?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Good evening, the solution is that the private addressing side source will be reaching out to 2 different destination IPs, and we need the destination to change in order to be routed to that new destination IP if it matches a particular port number.

There are going to be two different destination IPs that will need to be NATted to a single new destination IP if they match the specific port (same port number on both destination IPs).

breakout:

source ip of 10.10.10.0/24 with a destination ip 10.1.1.1 and port 1000 nat to 20.1.1.1 and port 1000

also source ip 10.10.10.0/24 with a destination ip 10.2.2.2 and port 1000 nat to 20.1.1.1 and port 1000

As you see, there are 2 different destinations (same port) that they want to repoint to 1 specific new destination (as the same port).

Another note is that these do not traverse the internet at all and are over a private MPLS-connected network, so even though they are public IPs they are not routing over the public internet.

Thank you for your time on this.

Hello
If I understand you correctly then that will not be possible: having two different hosts port address translated to the same post-NAT address.
Maybe if you share a topology diagram it will become much clearer?



Kind Regards
Paul

I have uploaded the diagram.

 

I was thinking this may work as designed. Traffic from the outside internet g0/0/0 destined for 10.1.1.1 on port 1000 and 10.2.2.2 port 1000 would NAT to the outside interfaces T1 and T2 IP of 20.1.1.1 to port 1000.

Please let me know if this seems viable.

ip nat inside source static tcp 20.1.1.1 1000 10.1.1.1 1000 no-alias
ip nat inside source static tcp 20.1.1.1 1000 10.2.2.2 1000 no-alias

interface Tunnel1
 ip nat inside

interface Tunnel2
 ip nat inside

interface GigabitEthernet0/0/0.1100
 ip nat outside

touter(config)#do show ip nat translations
Pro  Inside global     Inside local      Outside local  Outside global
tcp  10.1.1.1:1000     20.1.1.1:1000     ---            ---
tcp  10.2.2.2:1000     20.1.1.1:1000     ---            ---
