RE: Source nat and destination nat on Same public ip

Dear Joe

Below is the traffic flow

User send Email
Send Email---------->Email Gateway(
172.16.16.12)-------->94.56.X.X............>Internet (Source natting)

 User Receive an Email from Internet

User<----------Email Gateway(
172.16.16.11)<--------94.56.X.X<..........Internet (Destination natting)

From: faizankhurshid921_at_hotmail.com
To: joeastorino1982_at_gmail.com
CC: ccielab_at_groupstudy.com
Subject: RE: Source nat and destination nat on Same public ip
Date: Thu, 8 Mar 2012 12:07:59 +0500

Dear Joe

I want to do source natting not on the interface IP but on the same Public IP
which i m using for destination nat. For example 94.16.x.x.x IP should be
used for destination nat for 172.16.16.11 and the same IP 94.16.x.x.x should
be used for source NAT for 172.16.16.12.

Thanks

Part of the Midis Group

> From: faizankhurshid921_at_hotmail.com
> To: joeastorino1982_at_gmail.com
> CC: ccielab_at_groupstudy.com
> Subject: RE: Source nat and destination nat on Same public ip
> Date: Thu, 8 Mar 2012 11:59:56 +0500
>
> Dear Joe
>
> I don't want to do translate on my Router interface .I have Public IP i
want
> to do on my Public IP
>
>
> Thanks
>
>
>
>
>
>
>
> Part of the Midis Group
>
> > Date: Thu, 8 Mar 2012 01:51:01 -0500
> > Subject: Re: Source nat and destination nat on Same public ip
> > From: joeastorino1982_at_gmail.com
> > To: faizankhurshid921_at_hotmail.com
> > CC: ccielab_at_groupstudy.com
> >
> > Sorry that should be fa0/1 not gi0/1 in my example.
> >
> > That is what this does. When you hit the public IP on port 25 it will
> > forward it to the .12 IP address on the inside. Everything else
> > sourced on the inside from 172.16.16.0/24 will be translated to the
> > public IP of fa0/1 using dynamic PAT
> >
> > On Thu, Mar 8, 2012 at 12:50 AM, faizan khurshid
> > <faizankhurshid921_at_hotmail.com> wrote:
> > > Hi Joe
> > >
> > >
> > > on Cisco can we have only one public ip and two private ip say A and
B....
> I
> > > want to do the destination nat on the public ip to one private ip A and
> at
> > > the same time source nat for private IP B to the same public ip
> > >
> > >
> > >
> > >> Date: Wed, 7 Mar 2012 17:31:57 -0500
> > >> Subject: Re: Source nat and destination nat on Same public ip
> > >> From: joeastorino1982_at_gmail.com
> > >> To: faizankhurshid921_at_hotmail.com
> > >> CC: ccielab_at_groupstudy.com
> > >
> > >>
> > >> Try configuring a simple static PAT translation for the inbound
> > >> traffic and just use dynamic PAT to the outside public IP for
> > >> everything else.
> > >>
> > >> ip nat inside source static tcp 172.16.16.12 25 interface gi0/1 25
> > >> ip nat inside source list NAT interface fa0/1 overload
> > >> !
> > >> ip access-list extended NAT
> > >> permit ip 172.16.16.0 0.0.0.255 any
> > >> !
> > >> int fa0/0
> > >> ip nat inside
> > >> !
> > >> int fa0/1
> > >> ip nat outside
> > >>
> > >>
> > >> On Wed, Mar 7, 2012 at 4:29 PM, faizan khurshid
> > >> <faizankhurshid921_at_hotmail.com> wrote:
> > >> > Hi
> > >> >
> > >> > Actually I have one EMAIL Gateway having two IP's outbound
> > >> > 172.16.16.12 and inbound 172.16.16.11 .User EMail traffic will go to
> > >> > outside from 172.16.16.12 and Email inbound traffic come to
> > >> > 172.16.16.11 .Below i try to help to understand the traffic flow
> > >> > User send EmailSend Email---------->Email Gateway(
> > >> > 172.16.16.12)-------->94.56.X.X............>Internet (Source
natting)
> > >> > User Receive an Email from Internet
> > >> > User<----------Email Gateway(
> > >> > 172.16.16.11)<--------94.56.X.X<..........Internet (Destination
> natting)
> > >> >
> > >> > 94.56.X.X will remain same both from Inside to Internet & from
> Internet
> > >> > to
> > >> > Inside
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >> From: faizankhurshid921_at_hotmail.com
> > >> >> To: ccielab_at_groupstudy.com
> > >> >> Subject: Source nat and destination nat on Same public ip
> > >> >> Date: Wed, 7 Mar 2012 21:48:07 +0500
> > >> >>
> > >> >> Dear
> > >> >>
> > >> >> Below is my scenario
> > >> >>
> > >> >> .
> > >> >>
> > >> >>
> > >> >> I have Mail Gateway : which is sending and receving an email on
> > >> > different
> > >> >> IP ....................IP 172.16.16.12 it sending email to outside
> > >> >> world while 172.16.16.11 its receving from Internet.I only have one
> > >> >> public IP 94.56.X.X .I did below config user can receive from
outside
> > >> >> world
> > >> >> while once user send an email i should receive on 94.56.X.X f but i
m
> > >> >> receving from Outside interface of router which is connected to
> > >> >> Internet
> > >> >>
> > >> >> My question can we do source nat and destination nat on Same public
> ip
> > >> >> while we have different private IP's .Below is my config seems to
be
> > >> >> fine but its not working for outgoing traffic
> > >> >>
> > >> >> Once i remove ip nat inside source list DMZ interface fa0/1
overload
> > >> >> internet stop working on my Mail Gateway
> > >> >>
> > >> >>
> > >> >>
> > >> >> ip nat pool POOL1 172.16.16.11 172.16.16.11 netmask 255.255.255.0
> type
> > >> >> rotaryip nat pool POOL2 94.56.X.X 94.56.X.X netmask 255.255.255.0ip
> nat
> > >> > inside
> > >> >> source list Outside pool POOL2ip nat inside destination list Inside
> > >> >> pool
> > >> >> POOL1!ip access-list extended Inside permit tcp any host 94.56.X.X
eq
> > >> > smtpip
> > >> >> access-list extended Outside permit tcp host 172.16.16.12 eq smtp
any
> > >> >> eq
> > >> > smtp
> > >> >> !
> > >> >> ip access-list extended DMZ
> > >> >> permit ip 172.16.16.0 0.0.0.255 any
> > >> >>
> > >> >> ip nat inside source list DMZ interface fa0/1 overload
> > >> >>
> > >> >>
> > >> >> interface FastEthernet0/0 ip address 172.16.16.1 255.255.255.0 ip
nat
> > >> > inside
> > >> >> ip virtual-reassembly duplex auto speed auto!interface
> FastEthernet0/1
> > >> >> ip
> > >> >> address 94.216.200.65 255.255.255.252 ip nat outside ip
> > >> >> virtual-reassembly
> > >> >> duplex auto speed auto
> > >> >>
> > >> >>
> > >> >> Blogs and organic groups at http://www.ccie.net
> > >> >>
> > >> >>
> _______________________________________________________________________
> > >> >> Subscription information may be found at:
> > >> >> http://www.groupstudy.com/list/CCIELab.html
> > >> >
> > >> >
> > >> > Blogs and organic groups at http://www.ccie.net
> > >> >
> > >> >
> _______________________________________________________________________
> > >> > Subscription information may be found at:
> > >> > http://www.groupstudy.com/list/CCIELab.html
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Regards,
> > >>
> > >> Joe Astorino
> > >> CCIE #24347
> > >> http://astorinonetworks.com
> > >>
> > >> "He not busy being born is busy dying" - Dylan
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
Received on Thu Mar 08 2012 - 13:08:14 ART