From: CCIEin2006 (ciscocciein2006@gmail.com)
Date: Fri Sep 28 2007 - 15:34:20 ART

Hello Experts,
Is it possible to NAT the destination address for traffic locally generated
on a router?
Let's say you wanted to play a mean trick on your co-workers, and have them
think they're telnetting into one router only to be
redirected to another router because the destination address is NAT'd.
In the example below you are doing a telnet from R1 to IP 5.5.5.5, which is
NAT'd to 2.2.2.2 (IP of R2).
(R1)----------(R2)
1.1.1.1       2.2.2.2
Here's the problem I'm seeing:
1.1.1.1 ----> 5.5.5.5 ->(NAT'd to 2.2.2.2)
1.1.1.1 <--- 2.2.2.2 (Not being NAT'd back)
I tried testing this but the problem is that the return traffic is not being
NAT'd back to the original address.
I see the SYN ACK come back from R2 with a source of 2.2.2.2 but it does not
get NAT'd back to 5.5.5.5.
Meanwhile R1 thinks this is traffic from a different session and sends a
RST.
Is there any way to get this to work? I tried all kinds of policy based
routing but to no avail...
Thanks,
Nick
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART