
Destination NAT on a Router for 1 Source IP

CiscoGirl
Level 1

Hi All,

This is a fancy NAT question for y'all, and most people don't have to do this, but my network is very restrictive!

 

Internet works fine for all devices and I have PAT on my firewall already.

I want to do this before it hits my firewall, which is on my local router that this machine sits at.

 

To get postage rate updates, this Postage-Machine-10.2.2.251 goes to 8.8.8.8 for DNS.  Somewhere in the programming which I can't control, it uses DNS-PUBLIC-8.8.8.8.  

 

My company firewall blocks all public DNS and they said no to opening it up for this and told me to NAT it.  So I want to NAT the destination  DNS-PUBLIC-8.8.8.8 to my internal DNS-PRIVATE-10.10.10.1 for this 1 SOURCE-POSTAGE-MACHINE-10.2.2.251

 

I only want to do this for 1 SOURCE-POSTAGE-MACHINE-10.2.2.251, not all sources.

 

Source (postage machine): 10.2.2.251

Destination: 8.8.8.8 UDP-53  -->   NAT to 10.10.10.1 UDP-53

-------------------------------------------------------------

 

I thought of this, but the thing is that the below allows any source going to 8.8.8.8 to be NATed. I only want 1 IP, 10.2.2.251, to be able to do this NAT, not all sources. This is how I would do it, but I'm just missing how I would restrict it to this 1 source IP instead of applying it to all source IPs.

 

ip nat outside source static udp 8.8.8.8 53 10.10.10.1 53 extendable

interface Gig0
 ip address 10.2.2.1 255.255.255.0
 ip nat inside

interface Serial0
 description MPLS
 ip address 208.1.1.1 255.255.255.252
 ip nat outside

2 Replies

Hello
Your host machine has the same IP address as your NAT router's inside LAN-facing interface?

As for the DNS, your PC will use Google DNS anyway, so you don't need a static NAT outside entry for that. A simple static inside NAT entry should work fine as long as it doesn't conflict with the router's LAN-facing interface IP.

example:
ip nat inside source static udp 10.2,2,X.10 53 interface serial0 53


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

My devices can access the internet, it works, and it is being PATed at the firewall. My firewall blocks all public DNS; the company does not allow public DNS. So I want to NAT this destination, public DNS-8.8.8.8, to my private DNS-10.10.10.1 before it hits the firewall. This only affects this 1 postage machine, 10.2.2.251, which has a public DNS-8.8.8.8 hard-coded into its programming that no one can change.