12-14-2009 08:09 PM - edited 03-06-2019 08:57 AM
I have two offices with their own internet access that are interconnected by point-to-point T1s. I am trying to set up an alternate or redundant path from the internet. There are a bunch of other factors, but here’s what I am trying to accomplish:
Traffic comes in from the internet and the firewall translates the destination:
Source => Destination
Any => X.X.4.115
||
Any => 172.20.1.1
Then the traffic hits a router for the T1, which translates the traffic's source address to the address on the serial interface on the router:
Source => Destination
Any => 172.20.1.1
||
10.0.27.129 => 172.20.1.1
Next the traffic hits another router and this is where I need help. I need to translate the traffic's destination as demonstrated below but only when the traffic is coming from 10.0.27.129.
Source => Destination
10.0.27.129 => 172.20.1.1
||
10.0.27.129 => 10.0.0.4
I have all the routes set up to make this happen and the reason for all the NATs is due to the firewalls being configured for VPN failover, so they are aware of the different networks and will send the traffic through the VPN, but then the return traffic will go out the other office's firewall and then would be rejected by the stateful table. So what I really need to figure out is how to NAT just the destination IP when the traffic is coming from 10.0.27.129 and going to 172.20.1.1.
Obviously I know how to change the source IP address based on conditions, but I can't figure out how to do the destination address with conditions. Any help would be appreciated. Let me know if you have any questions.
12-26-2009 11:00 PM
I will assume you have all the NATing in the first router and second router working, except the third one, where you want to do NATing only if the source and destination are the following:
10.0.27.129 => 172.20.1.1
Just do the following steps:
access-list 100 permit ip host 10.0.27.129 host 172.20.1.1
ip nat pool pool1 10.0.0.4 10.0.0.4 prefix-length 24
! I am assuming this subnet is 24 (use the correct one)
route-map NAT1
match ip address 100
ip nat inside source route-map NAT1 pool pool1 overload
Only make sure that you have ip nat inside under the interface where the traffic will come in, and configure the exit interface with ip nat outside.
Good luck.
If helpful, rate.
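
An added illustration, not part of either post: a small Python model of the three translation hops described in this thread, showing that the far router rewrites the destination only for the 10.0.27.129 => 172.20.1.1 pair and that the reply retraces the same hops back out the original firewall, which is what keeps its stateful table satisfied. The addresses 198.51.100.7 and 10.0.5.5 and all function names are constructed; ports are omitted, so it tracks one flow per address pair.

```python
# Added illustration: models the three NAT hops from the thread as rule tables.
# Device addresses are from the posts; 198.51.100.7 and 10.0.5.5 are constructed.

def make_nat(rules):
    """Build one NAT device.

    rules: list of (match_src, match_dst, new_src, new_dst);
    None in a match field is a wildcard, None in a new field means "keep".
    """
    sessions = {}  # translated (src, dst) -> original (src, dst)

    def forward(pkt):
        src, dst = pkt
        for m_src, m_dst, n_src, n_dst in rules:
            if m_src in (None, src) and m_dst in (None, dst):
                out = (n_src or src, n_dst or dst)
                sessions[out] = pkt      # remember how to undo it
                return out
        return pkt                       # no rule matched: untouched

    def reverse(reply):
        src, dst = reply                 # a reply has src/dst swapped
        orig = sessions.get((dst, src))
        return reply if orig is None else (orig[1], orig[0])

    return forward, reverse

# Hop 1: firewall rewrites the public destination (elided in the post).
fw_fwd, fw_rev = make_nat([(None, "X.X.4.115", None, "172.20.1.1")])
# Hop 2: T1 router rewrites the source to its serial interface address.
t1_fwd, t1_rev = make_nat([(None, "172.20.1.1", "10.0.27.129", None)])
# Hop 3: far router rewrites the destination only for this exact pair.
far_fwd, far_rev = make_nat([("10.0.27.129", "172.20.1.1", None, "10.0.0.4")])

def inbound(pkt):
    """Internet -> firewall -> T1 router -> far router."""
    return far_fwd(t1_fwd(fw_fwd(pkt)))

def outbound(reply):
    """Server reply retracing the same hops in reverse order."""
    return fw_rev(t1_rev(far_rev(reply)))

if __name__ == "__main__":
    print(inbound(("198.51.100.7", "X.X.4.115")))   # as seen by the server
    print(outbound(("10.0.0.4", "10.0.27.129")))    # as seen by the client
    print(far_fwd(("10.0.5.5", "172.20.1.1")))      # other source: unchanged
```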