RE: Source nat and destination nat on Same public ip

Hi

Actually I have one EMAIL Gateway having two IP's outbound
172.16.16.12 and inbound 172.16.16.11 .User EMail traffic will go to
outside from 172.16.16.12 and Email inbound traffic come to
172.16.16.11 .Below i try to help to understand the traffic flow
User send EmailSend Email---------->Email Gateway(
172.16.16.12)-------->94.56.X.X............>Internet (Source natting)
 User Receive an Email from Internet
User<----------Email Gateway(
172.16.16.11)<--------94.56.X.X<..........Internet (Destination natting)

 94.56.X.X will remain same both from Inside to Internet & from Internet to
Inside

> From: faizankhurshid921_at_hotmail.com
> To: ccielab_at_groupstudy.com
> Subject: Source nat and destination nat on Same public ip
> Date: Wed, 7 Mar 2012 21:48:07 +0500
>
> Dear
>
> Below is my scenario
>
> .
>
>
> I have Mail Gateway : which is sending and receving an email on
different
> IP ....................IP 172.16.16.12 it sending email to outside
> world while 172.16.16.11 its receving from Internet.I only have one
> public IP 94.56.X.X .I did below config user can receive from outside world
> while once user send an email i should receive on 94.56.X.X f but i m
> receving from Outside interface of router which is connected to Internet
>
> My question can we do source nat and destination nat on Same public ip
> while we have different private IP's .Below is my config seems to be
> fine but its not working for outgoing traffic
>
> Once i remove ip nat inside source list DMZ interface fa0/1 overload
> internet stop working on my Mail Gateway
>
>
>
> ip nat pool POOL1 172.16.16.11 172.16.16.11 netmask 255.255.255.0 type
> rotaryip nat pool POOL2 94.56.X.X 94.56.X.X netmask 255.255.255.0ip nat
inside
> source list Outside pool POOL2ip nat inside destination list Inside pool
> POOL1!ip access-list extended Inside permit tcp any host 94.56.X.X eq
smtpip
> access-list extended Outside permit tcp host 172.16.16.12 eq smtp any eq
smtp
> !
> ip access-list extended DMZ
> permit ip 172.16.16.0 0.0.0.255 any
>
> ip nat inside source list DMZ interface fa0/1 overload
>
>
> interface FastEthernet0/0 ip address 172.16.16.1 255.255.255.0 ip nat
inside
> ip virtual-reassembly duplex auto speed auto!interface FastEthernet0/1 ip
> address 94.216.200.65 255.255.255.252 ip nat outside ip virtual-reassembly
> duplex auto speed auto
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Mar 08 2012 - 02:29:22 ART