Re: Source nat and destination nat on Same public ip from Joe Astorino on 2012-03-08 (Ccielab archives 03/2012)

From: Joe Astorino <joeastorino1982_at_gmail.com>
Date: Thu, 8 Mar 2012 01:51:01 -0500

Sorry that should be fa0/1 not gi0/1 in my example.

That is what this does. When you hit the public IP on port 25 it will
forward it to the .12 IP address on the inside. Everything else
sourced on the inside from 172.16.16.0/24 will be translated to the
public IP of fa0/1 using dynamic PAT

On Thu, Mar 8, 2012 at 12:50 AM, faizan khurshid
<faizankhurshid921_at_hotmail.com> wrote:
> Hi Joe
>
>
> on Cisco can we have only one public ip and two private ip say A and B.... I
> want to do the destination nat on the public ip to one private ip A and at
> the same time source nat for private IP B to the same public ip
>
>
>
>> Date: Wed, 7 Mar 2012 17:31:57 -0500
>> Subject: Re: Source nat and destination nat on Same public ip
>> From: joeastorino1982_at_gmail.com
>> To: faizankhurshid921_at_hotmail.com
>> CC: ccielab_at_groupstudy.com
>
>>
>> Try configuring a simple static PAT translation for the inbound
>> traffic and just use dynamic PAT to the outside public IP for
>> everything else.
>>
>> ip nat inside source static tcp 172.16.16.12 25 interface gi0/1 25
>> ip nat inside source list NAT interface fa0/1 overload
>> !
>> ip access-list extended NAT
>> permit ip 172.16.16.0 0.0.0.255 any
>> !
>> int fa0/0
>> ip nat inside
>> !
>> int fa0/1
>> ip nat outside
>>
>>
>> On Wed, Mar 7, 2012 at 4:29 PM, faizan khurshid
>> <faizankhurshid921_at_hotmail.com> wrote:
>> > Hi
>> >
>> > Actually I have one EMAIL Gateway having two IP's outbound
>> > 172.16.16.12 and inbound 172.16.16.11 .User EMail traffic will go to
>> > outside from 172.16.16.12 and Email inbound traffic come to
>> > 172.16.16.11 .Below i try to help to understand the traffic flow
>> > User send EmailSend Email---------->Email Gateway(
>> > 172.16.16.12)-------->94.56.X.X............>Internet (Source natting)
>> > User Receive an Email from Internet
>> > User<----------Email Gateway(
>> > 172.16.16.11)<--------94.56.X.X<..........Internet (Destination natting)
>> >
>> > 94.56.X.X will remain same both from Inside to Internet & from Internet
>> > to
>> > Inside
>> >
>> >
>> >
>> >
>> >
>> >
>> >> From: faizankhurshid921_at_hotmail.com
>> >> To: ccielab_at_groupstudy.com
>> >> Subject: Source nat and destination nat on Same public ip
>> >> Date: Wed, 7 Mar 2012 21:48:07 +0500
>> >>
>> >> Dear
>> >>
>> >> Below is my scenario
>> >>
>> >> .
>> >>
>> >>
>> >> I have Mail Gateway : which is sending and receving an email on
>> > different
>> >> IP ....................IP 172.16.16.12 it sending email to outside
>> >> world while 172.16.16.11 its receving from Internet.I only have one
>> >> public IP 94.56.X.X .I did below config user can receive from outside
>> >> world
>> >> while once user send an email i should receive on 94.56.X.X f but i m
>> >> receving from Outside interface of router which is connected to
>> >> Internet
>> >>
>> >> My question can we do source nat and destination nat on Same public ip
>> >> while we have different private IP's .Below is my config seems to be
>> >> fine but its not working for outgoing traffic
>> >>
>> >> Once i remove ip nat inside source list DMZ interface fa0/1 overload
>> >> internet stop working on my Mail Gateway
>> >>
>> >>
>> >>
>> >> ip nat pool POOL1 172.16.16.11 172.16.16.11 netmask 255.255.255.0 type
>> >> rotaryip nat pool POOL2 94.56.X.X 94.56.X.X netmask 255.255.255.0ip nat
>> > inside
>> >> source list Outside pool POOL2ip nat inside destination list Inside
>> >> pool
>> >> POOL1!ip access-list extended Inside permit tcp any host 94.56.X.X eq
>> > smtpip
>> >> access-list extended Outside permit tcp host 172.16.16.12 eq smtp any
>> >> eq
>> > smtp
>> >> !
>> >> ip access-list extended DMZ
>> >> permit ip 172.16.16.0 0.0.0.255 any
>> >>
>> >> ip nat inside source list DMZ interface fa0/1 overload
>> >>
>> >>
>> >> interface FastEthernet0/0 ip address 172.16.16.1 255.255.255.0 ip nat
>> > inside
>> >> ip virtual-reassembly duplex auto speed auto!interface FastEthernet0/1
>> >> ip
>> >> address 94.216.200.65 255.255.255.252 ip nat outside ip
>> >> virtual-reassembly
>> >> duplex auto speed auto
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>> --
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347
>> http://astorinonetworks.com
>>
>> "He not busy being born is busy dying" - Dylan
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>

-- 
Regards,
Joe Astorino
CCIE #24347
http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net

Received on Thu Mar 08 2012 - 01:51:01 ART

This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 07:56:52 ART