RE: Redirecting IP Traffic with NAT.

Hi Hugo,

Could you post your config?

-----Mensaje original-----
De: Hugo Alberto Mormn Reyna [mailto:hmorin_at_axtel.com.mx]
Enviado el: martes, 09 de junio de 2009 16:26
Para: Jose Miguel Huertas; Cisco certification
Asunto: RE: Redirecting IP Traffic with NAT.

Actually yes, I4m trying to hide both ip address, external and internal.
I have already tried that approach, I mean using two ip nat static translations, outside and inside but it seems does not work as I need.

In my test bed users are in the outside, and server in the inside, once the user packets hit the outside interface these are forwarded to the NATed ip address (server) out the inside interface, despite I have a "ip nat outside source static" as well, the packets going back from server to user are routed directly to the real IP user I suppose this happens because the source ip is not replaced by the inside ip address interface.

BTW, inside and outside interfaces are dot1q sub interfaces on the same physical interface, I do not think this could affect the NAT behavior, right?

Thanks for your help!

Hugo A. Mormn Reyna
Planeacisn de Servicos de Datos y Seguridad
Servicios Axtel S.A.
Nxtel ID: 52*15646*1336
Movil: +52 81 1464 5175
Of: +52 81 8129 8708

-----Original Message-----
From: Jose Miguel Huertas [mailto:JoseMiguel.huertas_at_telindus.es]
Sent: Martes, 09 de Junio de 2009 02:52 a.m.
To: Hugo Alberto Mormn Reyna; Cisco certification
Subject: RE: Redirecting IP Traffic with NAT.

Hi Hugo,

Let me know if i got the issue. You want to hide the internal IP address (user address) and also the external IP address (Server address), right?

Well, If you configure "ip nat inside source static ...." you will translate IP origin on all packets coming out your outside interface, and also will translate IP destination on all packets coming in your outside interface.
If you configure "ip nat outside ...", the behaviour is the opposite, it will translate IP destination on all packets coming out your outside interface, and also IP origin on all packets coming in your outside interface.

So if you want to hide both address (User and Server), you will need to configure both statements: ip nat inside ... and ip nat outside ...

Is that what you are looking for??

-----Mensaje original-----
De: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] En nombre de Hugo Alberto Mormn Reyna
Enviado el: martes, 09 de junio de 2009 6:25
Para: Cisco certification
Asunto: Redirecting IP Traffic with NAT.

Dear Experts,

I hope someone can help. Is it possible to redirect IP traffic using NAT between two subnets or hosts that are not in opposite sides of the NATing router?. What I4m trying to do is to hide the real IP address for a particular server/service from the users.

Here you have a simple topology of the scenario, I4ve been playing a while with different NAT configurations, the best I have made is traffic from user directed to outside interface is statically NATed to the server IP Address and forwarded, the problem I have detected is that the source IP Address remains unchanged and traffic back to the user does not goes back to the router but goes directly to the User IP Address allowing the user realize the real IP of the server.

Do someone know how to change the source IP address of the NATed packets to force them go back to the inside router interface and then to the user?
I wonder if I4m trying something not possible with NAT

Any advice or trick will be appreciated!!

                 NAT
               (RTR A)
       Inside / \ Outside
    Vlan A / \ Vlan B
    Subnet A / \ Subnet B
           _/____________\_
          ( )
          ( INTERNET )
          (________________)
            / \
          ISP X ISP Y
          / \
        User Server

Good Luck!
Hugo

Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 09 2009 - 18:03:32 ART