Policy NAT

wasiimcisco · ‎03-14-2011

Hi,

I have one network setup

Router LAN 172.16.15.7

Router WAN: 10.15.1.101

Destination IP address 30.30.30.1

Source IP address from Clients will be : 192.168.10.10

I dont want 30.30.30.1 to be routed inside my LAN. I want to nat it into another IP address 172.16.15.8. How can I achieve this.

ip access-list extended ACL_AD
permit ip any host 172.16.15.8

interface FastEthernet0
description ***CONNECTED TO WAN******
ip address 10.15.1.101 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
end

!
interface Vlan200
description **CONNECTED TO LAN****
ip address 172.16.15.7 255.255.255.0
ip nat inside
ip virtual-reassembly
end

Please let me know how to achive this.

Thanks in advance.

sansarav720e · ‎03-14-2011

Hi Wasiim,

Please clear following thing ,

Is 30.30.30.1 resides inside your LAN segment or on outside segment (WAN)

Client is located inside your LAN segment (192.168.10.x ) or they are from WAN segment who need to access your LAN resource .

Your Question is little confusing ,

Normally NAT is used to hide your internal IP address from outside wan , Please correct if i have understood requirements correctly u want to hide your internal client ip address 192.168.10.10 while reaching to destination 30.30.30.1 with NAT IP address 172.16.5.8

or else your are looking something other than this , Post little clealry

HTH Regards Santhosh Saravanan

rtjensen4 · ‎03-14-2011

Wasiim,

I'm making a couple assumptions here...

A. You have a host 192.168.10.10 coming from somewhere on your internal LAN that wants to get to 30.30.30.1.

B. You want 192.168.10.10 to access 172.16.15.8 instead of 30.30.30.1 though correct?

On your router, try this:

ip nat outside source static 30.30.30.1 172.16.15.8

This will create a NAT translation like this:

Router(config)#do sh ip nat trans
Pro Inside global Inside local Outside local Outside global
--- --- --- 172.16.15.8 30.30.30.1

HTH

wasiimcisco · ‎03-14-2011

Sorry for not giving the proper information.

192.168.10.0/24 is my Internal LAN

30.30.30.1/32 is the WAN IP address (A server located in Remote Location).

I dont want the user to access this Server on real IP address I want to give them NATTED IP ADDRESS OF 172.16.15.8. So that whenever user access 172.16.15.8 it will redirect to real server 30.30.30.1.

I hope this will clear the confusion.

sansarav720e · ‎03-14-2011

Hi Wasim ,

Got your requirement for natting ,

It can be done in two ways .

1) If you have control over remote site were this server is located ,perform a static nating there with the ip address which ever you are looking for (From 30.30.30.2 --> 10.10.10.2) .But really it cannot be with your LAN IP 172.16.5.8 , It should be in some other range . This would be easier way to achieve.

Else you if want in same the way what your are excepting you want to double natting at source side as well on destination side

At your source side router .

ip nat outside source static 172.16.5.9 30.30.30.2

ip route 172.16.5.9 255.255.255.255 X.X.X.X (wan ip address )

At you destination side router

ip nat inside source static 30.30.30.2 172.16.5.9

HTH Regards Santhosh Saravanan

wasiimcisco · ‎03-14-2011

I have no control on the remote side. The reason of doing natting is that I dont want to route 30.30.30.1 in my LAN. That is why I want to give NATTED IP (172.16.15.8) instead of real IP.

Routing Table is mentin below.

ip route 0.0.0.0 0.0.0.0 172.16.15.1 (My Internet Firewall)

ip route 130.130.1.0 255.255.255.0 10.15.1.102 (is the remote side branch router where this server (30.30.30.1) is located and not manage by me).

Please let me know how to achieve this.

wasiimcisco · ‎03-16-2011

Can anyone reply on this.