Re: NAT scenario and understanding question

From: Ivan (ivan@iip.net)
Date: Thu Aug 03 2006 - 05:50:19 ART

• Next message: Alex De Gruiter \(AU\): "RE: Port Secure w/ IP Address."
• Previous message: bindong.shi@gmail.com: "tunnel in OSPF"
• Maybe in reply to: san: "NAT scenario and understanding question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

source static nat create in translation NAT-table permanent entry.
Keyword "source" mean that only inside address must be translated. Static mean
permanent entry (i repeated). Once entry already exist in translate table any
packet matchint conditions will be translated.
If packet from inside interface to outside then source will be translated.
If packet from outside to inside then destination will be translated. The same
as classic NAT.

On Thursday 03 August 2006 01:28, san wrote:
> Hi,
>
> I have a trouble understanding NAT. and decide on what to apply inside
> destination or outside destination....etc..
> ( I understand what happens with " inside source" translations.)
>
> Can you Please pass me a reference or guide on how to choose NAT
> translations . ?
>
>
> Can you also look at the below question and explain why did they choose
> inside source ?, while the 54.1.8.6 and 192.10.1.112 are destination
> addresses ?
> This question is taken from IE WB 16, section 11.1
>
> Question:
>
> Further monitoring of R6 has shown that most of the brute force attacks are
> going to the IP address of the interfaces connected to BB1 and BB3. In
> order to distract hackers and analyze their attack techniques your security
> team has installed a honeypot terminatl in vlan16 with a blank root passwd.
> Configure R6 so that all telnet and SSH requests sent to its outside
> interfaces are redirected to the honey pot.
> This machines ip address is 192.10.1.112
>
>
>
> interface GigabitEthernet0/0.16
> ip nat inside
> !
> interface GigabitEthernet0/0.63
> ip nat outside
> !
> interface Virtual-Template1
> ip nat outside
> !
> ip nat inside source static tcp 192.10.1.112 22 54.1.8.6 22 extendable
> ip nat inside source static tcp 192.10.1.112 23 54.1.8.6 23 extendable
> ip nat inside source static tcp 192.10.1.112 22 204.12.1.6 22
> extendable
> ip nat inside source static tcp 192.10.1.112 23 204.12.1.6 23
> extendable

-- 
Ivan

• Next message: Alex De Gruiter \(AU\): "RE: Port Secure w/ IP Address."
• Previous message: bindong.shi@gmail.com: "tunnel in OSPF"
• Maybe in reply to: san: "NAT scenario and understanding question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:55 ART