Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2353
Views
0
Helpful
3
Replies

NAT same source to different destinations.

keke480925
Level 1
Level 1

‎01-19-2012 05:23 PM - edited ‎03-04-2019 02:57 PM

Hi Guys,

I have a senerio here regarding NATing.

The traffic is initiated from One IP (eg. 192.168.1.1) to two different destinations (eg. 172.21.1.1 and 172.16.1.1)

The source needs to be translated to two different IPs based the destination it tries to access. eg. if source 192.168.1.1 tries to access 172.21.1.1 it will be translated to 10.21.1.1, if source 192.168.1.1 tries to access 172.16.1.1 it will be translated to 10.16.1.1.

The source 192.168.1.1 is at outside interface. The traffic is from outside to inside.

The problem I am having is that when first request from 192.168.1.1 to any of the destination, it gets translated, but when the second request to different destination, it never match the access list, and it just match the current NAT table entry and translate.

I know this is similiar to Multiple ISP senerio except for my case the traffice is from outside to inside.

Is there any way to make it working????

Thanks very much.

Labels:
0 Helpful
3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

‎01-20-2012 12:43 AM

Hi,

Can you post your NAT config as well as route-maps.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

Neeraj Arora
Level 3
Level 3

‎01-20-2012 07:57 AM

Dong,

I don't think what you are trying to achieve is possible. Atleast not from outside to inside.

If the Inside and outside zones were to be reversed then yes, you can configure NAT to check the destination and then change the source of the packet.

In your scenario:

- "ip nat outside source static" will not work as it will always check the source of the packet and will execute the first NAT command it hits, so the second entry will never be used. I am even doubtful that it will let you configure a second static NAT entry with the same Global outside ip

- "ip nat outside source list" command will not work because again in the ACL you will be matching 192.168.1.1, and that too only Standard ACL is accepted, so there won't be any checks for the destination ip. And as per my experience, if we use route-map here and an extended ACL, then the destination is not checked

If anyone else have a workaround for this, I should be interesting to know about it

Hope it helps

Neeraj

0 Helpful

keke480925
Level 1
Level 1
In response to Neeraj Arora

‎03-20-2012 08:51 PM

Yes, you are right Neeraj, unless we swap between outside interface and inside interface, there is no other way to do it.

Tested in the lab.

Thanks very much.

0 Helpful
Customers Also Viewed These Support Documents