Re: Change destination address, for specific known source ip address

David_Beldi · ‎10-30-2017

Hello guys,

I would really like to know if its possible to redirect traffic, to different destination, depending on the source ip address. I have 2 servers on my network and I've tried almost everything but its not working.

I've been told to use PBR but PBR doesnt support change of destination, it just supports the way packets are routed to the same destination.

I've made different vlans for servers, just so they could be in different networks but no luck.
Is that possible making some kind of destination NAT for specific source ip adddress?

Or also i've been told to use ios SLB( server load balancer) but will it really work ? does anyone have any ideas please?

similar discussions that I've looked at?

https://supportforums.cisco.com/t5/getting-started-with-lans/change-destination-address/td-p/1506709

Flavio Miranda · ‎10-30-2017

Hello @David_Beldi

Maybe if you explain a bit more about the objective would be easier to someone point you on the right direction and maybe even offer a solution.

I dont think however Load Balance is going to help here, NAT is more probably.

As per I could understand, you need that a couple of servers go to a different destination right?

-If I helped you somehow, please, rate it as useful.-

David_Beldi · ‎10-31-2017

Hello @Flavio Miranda,

thank you, for your reply.

okey, so we have 1 public ip address, which have staticlly sat nat and pat for, so as soon as you try to ssh on that public ip address on port 22 it will take you to our server 1.

Problem is, we also have server 2, and we want to set it up so when specific computers with specific source ip addresses try to access our public ip address, they will be redirected to server 2, instead of server 1?? its like we want to change destnation nat, for specific ip addresses?

Hopefully it was helpfull

thanks for your help and time,

david

Flavio Miranda · ‎10-31-2017

Is it the source know? I mean, do you know which IP need to access which server?

Or it is the origin of the traffic unknown or it is a range of IP ?

-If I helped you somehow, please, rate it as useful.-

David_Beldi · ‎10-31-2017

yup source ip address(you could say origin of the traffic) is detected by ids, so yup it is known, and we just want traffic from that specific source ip address to be redirected to server 2?

problem is we have static nat and pat, which takes ALL our traffic to server 1 :(

thank you for your time

david

Flavio Miranda · ‎10-31-2017

Did you try PAT already?

x.x.x.x:1001==> Server1

x.x.x.x:1002==> Server2

then you can instruct the origin to send on the designated port.

-If I helped you somehow, please, rate it as useful.-

David_Beldi · ‎10-31-2017

Hello sorry,

i didnt get it, at this stage i have this,

ip nat inside source static tcp 11.0.10.5 22 192.168.1.4 22

it means everyone that tried to ssh on my public ip address on 192.168.1.4, on port 22 will be redirected to my server 1(11.0.10.5) port 22

so i am really just stuck figuring out how to make sure specific ip source addresses that try to acces ssh 192.168.1.4 on port 22 to be redirected to server 2, lets just say 11.0.20.5 port 22!

paul driver · ‎11-05-2017

Hello

In a cisco rtr and switch you can change ssh to answer on a different port through such features as port-map and rotary commands.

If your server can be changed to answer ssh on a different port then port forwarding via a NAT statement can be accomplish just like you already have applied but obviously with a different specified port.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul