03-17-2007 01:38 PM - edited 03-05-2019 02:58 PM
The company I work for has a number of remote branches that are only able to route traffic on a 10.1.xxx.xxx network.
A requirement to allow these branches to connect to a public IP (port 2700) is proving somewhat of a headache - since the routes are unreachable. It is not possible to make changes on those routers as it is a managed network and would be costly.
I have a 1721 router that has two ethernet interfaces. I want to be able to use the inside interface (10.1.99.99) to 'proxy' these sessions onto the remote host (via the second e0) based on traffic hitting the 10.1.99.99 interface on port 2700.
Is this something that can be achieved using ip nat statements?
Thanks in advance for any useful advice.
03-17-2007 03:08 PM
Hi
Assuming your e0 interface on your router has a publicly routable IP address, you can use NAT with a route map for this.
ip nat inside source route-map natclients interface e0 overload
! IOS extended ACLs take a wildcard mask (0.0.255.255), not a subnet mask
access-list 101 permit ip 10.1.0.0 0.0.255.255 host "public ip"
route-map natclients permit 10
! match the ACL defined above (101)
match ip address 101
If you only want to NAT internal clients when they are trying to communicate with the public IP on 2700, you can modify access-list 101 to:
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host "public IP" eq 2700
HTH
Jon
03-20-2007 01:40 PM
Thanks for the reply.
I managed to remedy the problem by placing a PIX 506 on the network and using dnat (using the alias command) to map an internal 10.1.xx.xxx address to the public IP address that I want the internal clients to reach.
Rgrds