From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Fri Sep 28 2007 - 18:09:10 ART
Hi
Check email thread last week involving Ruth/Jason Guy and myself for clues 
with this one. We looked at a few NAT policy routing situations.
HTH
Gary
----- Original Message ----- 
From: "CCIEin2006" <ciscocciein2006@gmail.com>
To: "CCIEin2006" <ciscocciein2006@gmail.com>; "Cisco certification" <ccielab@groupstudy.com>
Sent: Friday, September 28, 2007 9:23 PM
Subject: Re: Is it possible to NAT the Destination Address of Locally Originated Traffic?
> Thanks Kelly,
>
> I tried creating a local policy and then later a policy applied directly to
> the interface for return traffic. Neither worked. I did a debug policy and
> it appears that return traffic directed towards the router itself is not
> being policy routed, or if it is, the NAT simply will not work!
>
> What's frustrating is that I can get the NAT to work when I want to change
> the source address of locally originated traffic, but not when changing the
> destination address....
>
> On 9/28/07, kelly@cliffhanger.com <kelly@cliffhanger.com> wrote:
>>
>>
>> Policy routing ...
>>
>> Create a nat config for the reply traffic using a
>> route map and apply it to a "local policy".
>>
>>
>> ! global config mode :
>> ip local policy route-map <route-map-name>
>>
>> Configuring Policy-Based Routing
>>
>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm
>>
>> --
>>         ___
>>        /\  \
>>       /  \  \
>>      /    \  \
>>     /  /\  \  \
>>    /  /  \  \  \
>>   /  /  / \  \  \
>> /  /  /___\__\  \
>> /  /  /___________\
>> \/_______________/
>>
>> Impossible Triangle
>>    M. C. Escher
>>
>> Big riffs, massive grooves, and expansive improvisations
>>
>>
>>
>>
>> Quoting CCIEin2006 <ciscocciein2006@gmail.com>:
>>        Hello Experts,
>>
>>        Is it possible to NAT the destination address for traffic locally
>>        generated on a router?
>>
>>        Let's say you wanted to play a mean trick on your co-workers, and
>>        have them think they're telnetting into one router only to be
>>        redirected to another router because the destination address is
>>        NAT'd.
>>
>>        In the example below you are doing a telnet from R1 to IP 5.5.5.5,
>>        which is NAT'd to 2.2.2.2 (IP of R2)
>>
>>         (R1)----------(R2)
>>        1.1.1.1      2.2.2.2
>>
>>        Here's the problem I'm seeing:
>>
>>        1.1.1.1 ----> 5.5.5.5 ->(NAT'd to 2.2.2.2)
>>        1.1.1.1 <--- 2.2.2.2 (Not being NAT'd back)
>>
>>        I tried testing this but the problem is that the return traffic is
>>        not being NAT'd back to the original address.
>>        I see the SYN ACK come back from R2 with a source of 2.2.2.2 but it
>>        does not get NAT'd back to 5.5.5.5.
>>        Meanwhile R1 thinks this is traffic from a different session and
>>        sends a RST.
>>
>>        Is there any way to get this to work? I tried all kinds of policy
>>        based routing but to no avail...
>>
>>        Thanks,
>>        Nick
>>
>>
>> _______________________________________________________________________
>>        Subscription information may be found at:
>>        http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART