Re: Is it possible to NAT the Destination Address of Locally

From: CCIEin2006 (ciscocciein2006@gmail.com)
Date: Fri Sep 28 2007 - 17:23:24 ART


Thanks Kelly,

I tried creating a local policy and then later a policy applied directly to
the interface for return traffic. Neither worked. I did a debug policy and
it appears that return traffic directed towards the router itself is not
being policy routed or if it is the NAT simply will not work!

What's frustrating is that I can get the NAT to work when I want to change
the source address of locally originated traffic, but not when changing the
destination address...

On 9/28/07, kelly@cliffhanger.com <kelly@cliffhanger.com> wrote:
>
>
> Policy routing ...
>
> Create a nat config for the reply traffic using a
> route map and apply it to a "local policy".
>
>
> ! global config mode :
> ip local policy route-map <route-map-name>
>
> Configuring Policy-Based Routing
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm
>
> Quoting CCIEin2006 <ciscocciein2006@gmail.com>:
> Hello Experts,
>
> Is it possible to NAT the destination address for traffic locally generated
> on a router?
>
> Let's say you wanted to play a mean trick on your co-workers, and have them
> think they're telnetting into one router only to be redirected to another
> router because the destination address is NAT'd.
>
> In the example below you are doing a telnet from R1 to IP 5.5.5.5 which is
> NAT'd to 2.2.2.2 (IP of R2)
>
> (R1)----------(R2)
> 1.1.1.1 2.2.2.2
>
> Here's the problem I'm seeing:
>
> 1.1.1.1 ----> 5.5.5.5 ->(NAT'd to 2.2.2.2)
> 1.1.1.1 <--- 2.2.2.2 (Not being NAT'd back)
>
> I tried testing this but the problem is that the return traffic is not being
> NAT'd back to the original address.
> I see the SYN ACK come back from R2 with a source of 2.2.2.2 but it does not
> get NAT'd back to 5.5.5.5.
> Meanwhile R1 thinks this is traffic from a different session and sends a RST.
>
> Is there any way to get this to work? I tried all kinds of policy based
> routing but to no avail...
>
> Thanks,
> Nick
>
>

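The failure Nick describes (SYN/ACK from 2.2.2.2 not translated back to 5.5.5.5, so R1's TCP stack resets the session) comes down to the return path not consulting the translation entry the outbound packet created. The model below is an added illustration, not code from either poster and not Cisco IOS behaviour: it keeps a per-flow destination-NAT table with the thread's addresses (1.1.1.1, 5.5.5.5, 2.2.2.2, telnet port 23; the source port 40000 is a constructed value) and shows the handshake completing only when the inbound path applies the reverse translation.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "SYN", "SYN-ACK" or "RST"


class DestinationNat:
    """Static destination NAT (fake_ip -> real_ip) with a per-flow reverse map.

    Constructed model only; it does not reproduce the IOS NAT order of operations.
    """

    def __init__(self, fake_ip: str, real_ip: str) -> None:
        self.fake_ip, self.real_ip = fake_ip, real_ip
        # (local_ip, sport, real_ip, dport) -> fake_ip the local host expects
        self.table: dict[tuple, str] = {}

    def outbound(self, p: Packet) -> Packet:
        if p.dst != self.fake_ip:
            return p
        self.table[(p.src, p.sport, self.real_ip, p.dport)] = self.fake_ip
        return replace(p, dst=self.real_ip)  # 5.5.5.5 rewritten to 2.2.2.2

    def inbound(self, p: Packet) -> Packet:
        # The return packet's (dst, dport, src, sport) is the outbound key reversed.
        key = (p.dst, p.dport, p.src, p.sport)
        if key in self.table:
            return replace(p, src=self.table[key])  # 2.2.2.2 back to 5.5.5.5
        return p  # no entry consulted: packet reaches the stack untranslated


def local_tcp_response(expected_peer: str, sport: int, reply: Packet) -> str:
    """What R1's TCP stack does with the SYN/ACK it receives."""
    if reply.dport == sport and reply.src == expected_peer and reply.flags == "SYN-ACK":
        return "ACK"  # matches the pending session, handshake completes
    return "RST"  # source does not match any session: reset, as seen in the thread


def telnet_attempt(nat_return_path: bool) -> str:
    """Run the R1 -> 5.5.5.5 telnet SYN through NAT and return R1's reaction."""
    nat = DestinationNat("5.5.5.5", "2.2.2.2")
    syn = Packet("1.1.1.1", "5.5.5.5", 40000, 23, "SYN")
    on_wire = nat.outbound(syn)
    synack = Packet(on_wire.dst, on_wire.src, 23, on_wire.sport, "SYN-ACK")
    delivered = nat.inbound(synack) if nat_return_path else synack
    return local_tcp_response("5.5.5.5", 40000, delivered)
```

`telnet_attempt(False)` reproduces the RST from the thread; `telnet_attempt(True)` is the behaviour a symmetric translation would give.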


This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART