Destination IP Address NAT

johnson.joseph
Level 1

Hello everyone,

This is my first post.

I need to provide a solution in my office. The current setup is that there are 100~ users, and they are configured to connect to any one of the 3 listed (172.16.0.10, 10.0.0.10, etc.) WAN servers on port TCP 4728 for MS patch updates. Now we have commissioned a new server "192.168.98.100" in our local datacenter and want all the users to connect to this one. Since the user count is a lot, it will be a very tedious process to change the configuration on the users' machines for this new server.

What we want to achieve is to perform some kind of NAT configuration which translates only the destination IP address for requests that go from users to the old servers. For example, user1 (x.x.x.x -> 172.16.0.10 "oldserver") translates to (x.x.x.x -> 192.168.98.100 "newserver"), and user2 (x.x.x.x -> 10.0.0.10 "oldserver") translates to (x.x.x.x -> 192.168.98.100 "newserver"). The transaction is basically downloading MS patches from the server. The attached diagram has more information in picture form. Please help me to implement this, or suggest if there is any other way.

Regards,
Johnson

2 Replies

I think I understand. You're likely looking for Dynamic NAT, which I've seen on ASA appliances but have never attempted with any other Packet Switching Appliance (e.g. Routers, ISR, etc.).

Do you have an ASA55XX? Is this appliance located in an area where the appliances will pass through?

If so, I can walk you through the ASDM method of pulling this off. It's extremely easy to do, in that the layout of the page is identical to what you're describing you want to do. Under Configuration ==> Firewall ==> NAT Rules, add a new translation (before, after, between in any way that works for your setup). The window that pops up will provide a few criteria. Define the Source interface (if necessary, as it defaults to "Any"), the Destination interface (again, if necessary), the address range for source, the address range for destination (as in, the old server destination), and the service (tcp/4728).

Under the "Action: Translated Packet", do a static NAT, keep source address as "--Original--", and set the destination address to the desired IP address (192.168.98.100). Keep the service the same, or change it if necessary, and make sure the direction is set to a specification you are satisfied with (defaults to "Both", but unidirectional may be desired for security and clarity).

I've had mixed results, but it generally goes off without a hitch.
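
The ASDM rule described in the reply above corresponds to a manual (twice) NAT statement on the ASA command line. The following is an added example, not part of the original thread: it assumes ASA software 8.3 or later and a user-facing interface named `inside`, and the object names are chosen here for illustration. Only the two old-server addresses actually given in the question are covered.

```cisco
! Added example, not from the thread. The interface name "inside" and all
! object names are assumptions; addresses and port come from the question.
object network OLD-PATCH-SRV-1
 host 172.16.0.10
object network OLD-PATCH-SRV-2
 host 10.0.0.10
object network NEW-PATCH-SRV
 host 192.168.98.100
object service PATCH-TCP-4728
 service tcp destination eq 4728
!
! Source stays untranslated (any -> any); only the destination is rewritten,
! and only for tcp/4728. "unidirectional" restricts the rule to connections
! initiated by the users, as the reply suggests.
nat (inside,any) source static any any destination static OLD-PATCH-SRV-1 NEW-PATCH-SRV service PATCH-TCP-4728 PATCH-TCP-4728 unidirectional
nat (inside,any) source static any any destination static OLD-PATCH-SRV-2 NEW-PATCH-SRV service PATCH-TCP-4728 PATCH-TCP-4728 unidirectional
```

Scoping each rule to the specific old-server host and to tcp/4728 leaves all other traffic to those addresses untranslated, and `show nat detail` shows per-rule hit counters to confirm that client requests are matching.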

Hi Steven,

Thanks for your reply, but we don't have an ASA firewall in the infrastructure; we require a configuration for a branch Cisco router.

Thanks
Johnson