RE: Source nat and destination nat on Same public ip from faizan khurshid on 2012-03-08 (Ccielab archives 03/2012)

From: faizan khurshid <faizankhurshid921_at_hotmail.com>
Date: Thu, 8 Mar 2012 11:59:56 +0500

Dear Joe

I don't want to do translate on my Router interface .I have Public IP i want
to do on my Public IP

Thanks

Part of the Midis Group

> Date: Thu, 8 Mar 2012 01:51:01 -0500
> Subject: Re: Source nat and destination nat on Same public ip
> From: joeastorino1982_at_gmail.com
> To: faizankhurshid921_at_hotmail.com
> CC: ccielab_at_groupstudy.com
>
> Sorry that should be fa0/1 not gi0/1 in my example.
>
> That is what this does. When you hit the public IP on port 25 it will
> forward it to the .12 IP address on the inside. Everything else
> sourced on the inside from 172.16.16.0/24 will be translated to the
> public IP of fa0/1 using dynamic PAT
>
> On Thu, Mar 8, 2012 at 12:50 AM, faizan khurshid
> <faizankhurshid921_at_hotmail.com> wrote:
> > Hi Joe
> >
> >
> > on Cisco can we have only one public ip and two private ip say A and B....
I
> > want to do the destination nat on the public ip to one private ip A and
at
> > the same time source nat for private IP B to the same public ip
> >
> >
> >
> >> Date: Wed, 7 Mar 2012 17:31:57 -0500
> >> Subject: Re: Source nat and destination nat on Same public ip
> >> From: joeastorino1982_at_gmail.com
> >> To: faizankhurshid921_at_hotmail.com
> >> CC: ccielab_at_groupstudy.com
> >
> >>
> >> Try configuring a simple static PAT translation for the inbound
> >> traffic and just use dynamic PAT to the outside public IP for
> >> everything else.
> >>
> >> ip nat inside source static tcp 172.16.16.12 25 interface gi0/1 25
> >> ip nat inside source list NAT interface fa0/1 overload
> >> !
> >> ip access-list extended NAT
> >> permit ip 172.16.16.0 0.0.0.255 any
> >> !
> >> int fa0/0
> >> ip nat inside
> >> !
> >> int fa0/1
> >> ip nat outside
> >>
> >>
> >> On Wed, Mar 7, 2012 at 4:29 PM, faizan khurshid
> >> <faizankhurshid921_at_hotmail.com> wrote:
> >> > Hi
> >> >
> >> > Actually I have one EMAIL Gateway having two IP's outbound
> >> > 172.16.16.12 and inbound 172.16.16.11 .User EMail traffic will go to
> >> > outside from 172.16.16.12 and Email inbound traffic come to
> >> > 172.16.16.11 .Below i try to help to understand the traffic flow
> >> > User send EmailSend Email---------->Email Gateway(
> >> > 172.16.16.12)-------->94.56.X.X............>Internet (Source natting)
> >> > User Receive an Email from Internet
> >> > User<----------Email Gateway(
> >> > 172.16.16.11)<--------94.56.X.X<..........Internet (Destination
natting)
> >> >
> >> > 94.56.X.X will remain same both from Inside to Internet & from
Internet
> >> > to
> >> > Inside
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >> From: faizankhurshid921_at_hotmail.com
> >> >> To: ccielab_at_groupstudy.com
> >> >> Subject: Source nat and destination nat on Same public ip
> >> >> Date: Wed, 7 Mar 2012 21:48:07 +0500
> >> >>
> >> >> Dear
> >> >>
> >> >> Below is my scenario
> >> >>
> >> >> .
> >> >>
> >> >>
> >> >> I have Mail Gateway : which is sending and receving an email on
> >> > different
> >> >> IP ....................IP 172.16.16.12 it sending email to outside
> >> >> world while 172.16.16.11 its receving from Internet.I only have one
> >> >> public IP 94.56.X.X .I did below config user can receive from outside
> >> >> world
> >> >> while once user send an email i should receive on 94.56.X.X f but i m
> >> >> receving from Outside interface of router which is connected to
> >> >> Internet
> >> >>
> >> >> My question can we do source nat and destination nat on Same public
ip
> >> >> while we have different private IP's .Below is my config seems to be
> >> >> fine but its not working for outgoing traffic
> >> >>
> >> >> Once i remove ip nat inside source list DMZ interface fa0/1 overload
> >> >> internet stop working on my Mail Gateway
> >> >>
> >> >>
> >> >>
> >> >> ip nat pool POOL1 172.16.16.11 172.16.16.11 netmask 255.255.255.0
type
> >> >> rotaryip nat pool POOL2 94.56.X.X 94.56.X.X netmask 255.255.255.0ip
nat
> >> > inside
> >> >> source list Outside pool POOL2ip nat inside destination list Inside
> >> >> pool
> >> >> POOL1!ip access-list extended Inside permit tcp any host 94.56.X.X eq
> >> > smtpip
> >> >> access-list extended Outside permit tcp host 172.16.16.12 eq smtp any
> >> >> eq
> >> > smtp
> >> >> !
> >> >> ip access-list extended DMZ
> >> >> permit ip 172.16.16.0 0.0.0.255 any
> >> >>
> >> >> ip nat inside source list DMZ interface fa0/1 overload
> >> >>
> >> >>
> >> >> interface FastEthernet0/0 ip address 172.16.16.1 255.255.255.0 ip nat
> >> > inside
> >> >> ip virtual-reassembly duplex auto speed auto!interface
FastEthernet0/1
> >> >> ip
> >> >> address 94.216.200.65 255.255.255.252 ip nat outside ip
> >> >> virtual-reassembly
> >> >> duplex auto speed auto
> >> >>
> >> >>
> >> >> Blogs and organic groups at http://www.ccie.net
> >> >>
> >> >>
Received on Thu Mar 08 2012 - 11:59:56 ART

This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 07:56:52 ART