From: Jan Ballasch (haniz@ok.cvut.cz)
Date: Mon Jan 19 2009 - 21:39:49 ARST
Hello Experts,
I have problem with which i fighting for more then two days...
I need to find out how to make NAT inside to inside translation.
I have 3 interfaces.
FA0/2 to ISP (ip nat outside) (172.16.3.9/24)
FA0/1 to server segment (ip nat inside) (192.168.2.9/24)
FA0/0 to local users (ip nat inside) (192.168.1.9/24)
ip nat pool FOR_LU 10.0.0.128 10.0.0.254 netmask 255.255.255.0
ip nat inside source list LOCAL_SEGMENT pool FOR_LU
ip nat inside source static 192.168.2.2 10.0.0.2
I need to connect from 192.168.1.0/24 segment to server inside global
address (10.0.0.2).
But inside to inside translation doesn't works.
I tried to use interface loopback (ip nat outside) and use ip policy
route-map on fa0/0 to send traffic sourced from 192.168.1.0 to
destination 10.0.0.2 to loopback. But it doesn't works it translates
only source address not destination. Then packets are forwarded to
10.0.0.2 no to 192.168.2.2 :-(
Then I tried to have all interfaces outside and loopback inside and do
ip policy route-map on all interfaces. It relatively do what I want,
but. When is packet going from 192.168.1.0/24 segment to server inside
global address (10.0.0.2) it works fine, router translates 192.168.1.0
to 10.0.0.128 and 10.0.0.2 to 192.168.2.2. But backwards is problem. I
can't use route map to send only traffic to dest to 10.0.0.128 and
sourced from 192.168.2.2 to loopback because it translates first
10.0.0.128 to 192.168.1.1 and then is policy routing applied. Then I
can't distinguish traffic 192.168.1.1 to 192.168.2.2 from 192.168.1.1 to
10.0.0.2 and translation (10.0.0.128 to 192.168.2.2 and backwards).
Is there any IOS solution for this two-way NAT?
Two inside interfaces and NAT between it?
thanx
haniz
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST