Re: Is it possible to NAT the Destination Address of Locally Originated Traffic?

From: CCIEin2006 (ciscocciein2006@gmail.com)
Date: Sat Sep 29 2007 - 07:21:37 ART


Gary - I looked at your emails, but I am clueless :-(

I tried all kinds of local policy routing, interface policy routing.

I tried moving the inside interface, outside interface.

I tried policy routing to the loopback etc....

For whatever reason the router is not translating the return packet!

On 9/28/07, Gary Duncanson <gary.duncanson@googlemail.com> wrote:
>
> Hi
>
> Check email thread last week involving Ruth/Jason Guy and myself for clues
> with this one. We looked at a few NAT policy routing situations.
>
> HTH
>
> Gary
> ----- Original Message -----
> From: "CCIEin2006" <ciscocciein2006@gmail.com>
> To: "CCIEin2006" <ciscocciein2006@gmail.com>; "Cisco certification"
> <ccielab@groupstudy.com>
> Sent: Friday, September 28, 2007 9:23 PM
> Subject: Re: Is it possible to NAT the Destination Address of Locally
> Originated Traffic?
>
>
> > Thanks Kelly,
> >
> > I tried creating a local policy and then later a policy applied directly to
> > the interface for return traffic. Neither worked. I did a debug policy and
> > it appears that return traffic directed towards the router itself is not
> > being policy routed or if it is the NAT simply will not work!
> >
> > What's frustrating is that I can get the NAT to work when I want to change
> > the source address of locally originated traffic, but not when changing the
> > destination address....
> >
> > On 9/28/07, kelly@cliffhanger.com <kelly@cliffhanger.com> wrote:
> >>
> >>
> >> Policy routing ...
> >>
> >> Create a nat config for the reply traffic using a
> >> route map and apply it to a "local policy".
> >>
> >>
> >> ! global config mode :
> >> ip local policy route-map <route-map-name>
> >>
> >> Configuring Policy-Based Routing
> >>
> >> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm
> >>
> >> Quoting CCIEin2006 <ciscocciein2006@gmail.com>:
> >> Hello Experts,
> >>
> >> Is it possible to NAT the destination address for traffic locally
> >> generated on a router?
> >>
> >> Let's say you wanted to play a mean trick on your co-workers, and have
> >> them think they're telnetting into one router only to be redirected to
> >> another router because the destination address is NAT'd.
> >>
> >> In the example below you are doing a telnet from R1 to IP 5.5.5.5 which
> >> is NAT'd to 2.2.2.2 (IP of R2)
> >>
> >> (R1)----------(R2)
> >> 1.1.1.1       2.2.2.2
> >>
> >> Here's the problem I'm seeing:
> >>
> >> 1.1.1.1 ----> 5.5.5.5 ->(NAT'd to 2.2.2.2)
> >> 1.1.1.1 <--- 2.2.2.2 (Not being NAT'd back)
> >>
> >> I tried testing this but the problem is that the return traffic is not
> >> being NAT'd back to the original address.
> >> I see the SYN ACK come back from R2 with a source of 2.2.2.2 but it does
> >> not get NAT'd back to 5.5.5.5.
> >> Meanwhile R1 thinks this is traffic from a different session and sends a
> >> RST.
> >>
> >> Is there any way to get this to work? I tried all kinds of policy based
> >> routing but to no avail...
> >>
> >> Thanks,
> >> Nick
> >>
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART
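
The failure described in the original question (the SYN-ACK from 2.2.2.2 is not rewritten back to 5.5.5.5, so R1 answers with a RST) can be reproduced in a small model. This is an added example, not code from the thread and not a model of IOS internals; `Packet`, `DestNat`, `TcpClient`, `handshake` and source port 40000 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str

class DestNat:
    """Destination NAT: rewrites dst on the way out, src on the way back."""
    def __init__(self, rules):
        self.rules = rules   # {original_dst: translated_dst}
        self.table = {}      # reply flow -> original dst, filled on egress

    def egress(self, p):
        new_dst = self.rules.get(p.dst)
        if new_dst is None:
            return p
        # Record how to undo the rewrite when the reply comes back.
        self.table[(new_dst, p.dport, p.src, p.sport)] = p.dst
        return Packet(p.src, new_dst, p.sport, p.dport, p.flags)

    def ingress(self, p):
        orig = self.table.get((p.src, p.sport, p.dst, p.dport))
        return p if orig is None else Packet(orig, p.dst, p.sport, p.dport, p.flags)

class TcpClient:
    """Only the part of TCP that matters here: matching replies to sockets."""
    def __init__(self, ip):
        self.ip = ip
        self.pending = set()  # (local_port, remote_ip, remote_port) in SYN-SENT

    def connect(self, dst, dport, sport=40000):
        self.pending.add((sport, dst, dport))
        return Packet(self.ip, dst, sport, dport, "SYN")

    def receive(self, p):
        # A reply whose source does not match the socket gets a RST.
        known = (p.dport, p.src, p.sport) in self.pending
        return Packet(self.ip, p.src, p.dport, p.sport, "ACK" if known else "RST")

def handshake(reverse_translate):
    r1 = TcpClient("1.1.1.1")
    nat = DestNat({"5.5.5.5": "2.2.2.2"})
    syn = nat.egress(r1.connect("5.5.5.5", 23))               # telnet to 5.5.5.5
    synack = Packet(syn.dst, syn.src, syn.dport, syn.sport, "SYN-ACK")  # R2 replies
    if reverse_translate:
        synack = nat.ingress(synack)
    return syn.dst, synack.src, r1.receive(synack).flags
```

`handshake(False)` is the situation reported in the thread; `handshake(True)` shows the reply being accepted once its source is rewritten before it reaches the socket lookup.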