Re: Source nat and destination nat on Same public ip

Try configuring a simple static PAT translation for the inbound
traffic and just use dynamic PAT to the outside public IP for
everything else.

ip nat inside source static tcp 172.16.16.12 25 interface gi0/1 25
ip nat inside source list NAT interface fa0/1 overload
!
ip access-list extended NAT
 permit ip 172.16.16.0 0.0.0.255 any
!
int fa0/0
 ip nat inside
!
int fa0/1
 ip nat outside

On Wed, Mar 7, 2012 at 4:29 PM, faizan khurshid
<faizankhurshid921_at_hotmail.com> wrote:
> Hi
>
> Actually I have one EMAIL Gateway having two IP's outbound
> 172.16.16.12 and inbound 172.16.16.11 .User EMail traffic will go to
> outside from 172.16.16.12 and Email inbound traffic come to
> 172.16.16.11 .Below i try to help to understand the traffic flow
> User send EmailSend Email---------->Email Gateway(
> 172.16.16.12)-------->94.56.X.X............>Internet (Source natting)
> User Receive an Email from Internet
> User<----------Email Gateway(
> 172.16.16.11)<--------94.56.X.X<..........Internet (Destination natting)
>
> 94.56.X.X will remain same both from Inside to Internet & from Internet to
> Inside
>
>
>
>
>
>
>> From: faizankhurshid921_at_hotmail.com
>> To: ccielab_at_groupstudy.com
>> Subject: Source nat and destination nat on Same public ip
>> Date: Wed, 7 Mar 2012 21:48:07 +0500
>>
>> Dear
>>
>> Below is my scenario
>>
>> .
>>
>>
>> I have Mail Gateway : which is sending and receving an email on
> different
>> IP ....................IP 172.16.16.12 it sending email to outside
>> world while 172.16.16.11 its receving from Internet.I only have one
>> public IP 94.56.X.X .I did below config user can receive from outside world
>> while once user send an email i should receive on 94.56.X.X f but i m
>> receving from Outside interface of router which is connected to Internet
>>
>> My question can we do source nat and destination nat on Same public ip
>> while we have different private IP's .Below is my config seems to be
>> fine but its not working for outgoing traffic
>>
>> Once i remove ip nat inside source list DMZ interface fa0/1 overload
>> internet stop working on my Mail Gateway
>>
>>
>>
>> ip nat pool POOL1 172.16.16.11 172.16.16.11 netmask 255.255.255.0 type
>> rotaryip nat pool POOL2 94.56.X.X 94.56.X.X netmask 255.255.255.0ip nat
> inside
>> source list Outside pool POOL2ip nat inside destination list Inside pool
>> POOL1!ip access-list extended Inside permit tcp any host 94.56.X.X eq
> smtpip
>> access-list extended Outside permit tcp host 172.16.16.12 eq smtp any eq
> smtp
>> !
>> ip access-list extended DMZ
>> permit ip 172.16.16.0 0.0.0.255 any
>>
>> ip nat inside source list DMZ interface fa0/1 overload
>>
>>
>> interface FastEthernet0/0 ip address 172.16.16.1 255.255.255.0 ip nat
> inside
>> ip virtual-reassembly duplex auto speed auto!interface FastEthernet0/1 ip
>> address 94.216.200.65 255.255.255.252 ip nat outside ip virtual-reassembly
>> duplex auto speed auto
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>

-- 
Regards,
Joe Astorino
CCIE #24347
http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net