RE: NAT based on destination IP address?

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun Aug 19 2007 - 05:05:55 ART

• Next message: darth router: "ip pim bsr-candidate hash value Backing up BSR mapping agents."
• Previous message: Peter Kingston: "Re: NAT based on destination IP address?"
• Maybe in reply to: Jersey Guy: "NAT based on destination IP address?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I don't believe the "ip nat inside" command can change the destination ip,
Peter. I worked on a nat issue for a client this week where we had to nat
the destination from a unicast ip arriving on s0/0 (the ip nat inside
interface) to a multicast group address and forward the multicast feed out
the "ip nat outside" interface, FO/0, the client lan... I came up with this
as they needed to use multicast on the lan so multiple clients could get a
single unicast stream and outside s0/0 the network didn't support multicast
or broadcast, ruling out "ip multicast helper-map".

So in short I believe only "IP NAT OUTSIDE" can change destination ip...

Any takers?

-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Peter Kingston
Sent: Sunday, August 19, 2007 3:49 AM
To: NITIN NITIN
Cc: Herbert Maosa; Jersey Guy; Cisco certification
Subject: Re: NAT based on destination IP address?

Hello,

If the customer is sourcing traffic from only one destination, I believe the
configuration below should work:

ip nat outside source route-map CUST->10.10.10.1 pool 1 add-route
ip nat outside source route-map CUST->10.10.10.2 pool 2 add-route

route-map CUST->10.10.10.1
 match ip address 100

route-map CUST->10.10.10.2
 match ip address 101

access-list 100 permit ip any host 10.10.10.1
access-list 101 permit ip any host 10.10.10.2

ip nat pool 1 172.16.50.1 172.16.50.1 prefix-length 32
ip nat pool 2 172.16.50.2 172.16.50.2 prefix-length 32

Interface fa0/0
description Customer interface
ip nat outside

interface fa1/0
description Connection to Core
ip nat inside

You can most likely do this with "ip nat inside source" command, which ever
you prefer. I thought of it afterwards and didn't want to rewrite this
e-mail.

-- 
Regards,
Peter Kingston
Studying my CCIE
On 8/18/07, NITIN NITIN <ccie_study_123@yahoo.com> wrote:
>
> Hi,
>
>
>   Can this be a valid solution , m weak in NAT .......
>   If not please guide the right one
>
>   CUSTOMER ip 1.1.1.1/24
>
>   > if the customer is targeting 10.10.10.1, translate the customer's
> source
> > IP
> > to 172.16.50.1
> > if the customer is targeting 10.10.10.2, translate the customer's source
> > IP
> > to 172.16.50.2
>
>   ip nat inside source list 101 POOL ip-1
>
>   access-list 101 permit host 1.1.1.1 10.10.10.1 0.0.0.0 <<<<<matching
> traffic
>
>   pool ip-1 permit 172.16.50.1  172.16.50.1 /24
>
>
>   and on interface cutomer is connected mark as ip nat inside
>
>   Regards
> Herbert Maosa <asawilunda@googlemail.com> wrote:
>   You can NAT the customer's source address if the traffic is going from
> an
> interface marked as outside to an interface marked as inside. The virtual
> address that you NAT this address into must be routable in your inside
> network, and must not be in the same subnet as an inside interface.
>
>
> Herbert.
>
> On 8/17/07, Jersey Guy wrote:
> >
> > Folks, Just looking for some pointers on whether this can be done or
> > not....
> >
> > Customer connects to my router on FA0/1. He presents himself as a single
> > IP
> > address which I need to NAT on my side before sending it on to the core
> > where the applications reside. Can I NAT the customer's source IP
> address
> > to
> > different addresses depending on the target IP address?
> >
> > That is....
> > if the customer is targeting 10.10.10.1, translate the customer's source
> > IP
> > to 172.16.50.1
> > if the customer is targeting 10.10.10.2, translate the customer's source
> > IP
> > to 172.16.50.2
> >
> > TIA, JG
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Kindest regards,
> hm
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
> ---------------------------------
> Luggage? GPS? Comic books?
> Check out fitting  gifts for grads at Yahoo! Search.
>
> ---------------------------------
> Choose the right car based on your needs.  Check out Yahoo! Autos new Car
> Finder tool.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: darth router: "ip pim bsr-candidate hash value Backing up BSR mapping agents."
• Previous message: Peter Kingston: "Re: NAT based on destination IP address?"
• Maybe in reply to: Jersey Guy: "NAT based on destination IP address?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:12 ART