Re: Source nat and destination nat on Same public ip

From: Joe Astorino <joeastorino1982_at_gmail.com>
Date: Thu, 8 Mar 2012 03:02:38 -0500

Oh. I assumed your public IP was on the fa0/1 interface. That's fine,
just change the NAT config; same basic idea. Make sure your router has
a route to the public IP you NAT to if it is not a directly connected
route.

On 3/8/12, faizan khurshid <faizankhurshid921_at_hotmail.com> wrote:
>
> Dear Joe
>
> I don't want to translate on my router interface. I have a public IP; I
> want to do it on my public IP.
>
>
> Thanks
>
>> Date: Thu, 8 Mar 2012 01:51:01 -0500
>> Subject: Re: Source nat and destination nat on Same public ip
>> From: joeastorino1982_at_gmail.com
>> To: faizankhurshid921_at_hotmail.com
>> CC: ccielab_at_groupstudy.com
>>
>> Sorry that should be fa0/1 not gi0/1 in my example.
>>
>> That is what this does. When you hit the public IP on port 25 it will
>> forward it to the .12 IP address on the inside. Everything else
>> sourced on the inside from 172.16.16.0/24 will be translated to the
>> public IP of fa0/1 using dynamic PAT
>>
>> On Thu, Mar 8, 2012 at 12:50 AM, faizan khurshid
>> <faizankhurshid921_at_hotmail.com> wrote:
>> > Hi Joe
>> >
>> >
>> > On Cisco, can we have only one public IP and two private IPs, say A and B?
>> > I want to do the destination NAT on the public IP to one private IP, A, and
>> > at the same time source NAT for private IP B to the same public IP.
>> >
>> >
>> >
>> >> Date: Wed, 7 Mar 2012 17:31:57 -0500
>> >> Subject: Re: Source nat and destination nat on Same public ip
>> >> From: joeastorino1982_at_gmail.com
>> >> To: faizankhurshid921_at_hotmail.com
>> >> CC: ccielab_at_groupstudy.com
>> >
>> >>
>> >> Try configuring a simple static PAT translation for the inbound
>> >> traffic and just use dynamic PAT to the outside public IP for
>> >> everything else.
>> >>
>> >> ip nat inside source static tcp 172.16.16.12 25 interface gi0/1 25
>> >> ip nat inside source list NAT interface fa0/1 overload
>> >> !
>> >> ip access-list extended NAT
>> >> permit ip 172.16.16.0 0.0.0.255 any
>> >> !
>> >> int fa0/0
>> >> ip nat inside
>> >> !
>> >> int fa0/1
>> >> ip nat outside
>> >>
>> >>
>> >> On Wed, Mar 7, 2012 at 4:29 PM, faizan khurshid
>> >> <faizankhurshid921_at_hotmail.com> wrote:
>> >> > Hi
>> >> >
>> >> > Actually I have one email gateway with two IPs: outbound
>> >> > 172.16.16.12 and inbound 172.16.16.11. User email traffic will go
>> >> > outside from 172.16.16.12 and inbound email traffic comes to
>> >> > 172.16.16.11. Below I try to help you understand the traffic flow.
>> >> >
>> >> > User send Email
>> >> > Send Email ----------> Email Gateway (172.16.16.12) --------> 94.56.X.X ............> Internet (Source natting)
>> >> >
>> >> > User Receive an Email from Internet
>> >> > User <---------- Email Gateway (172.16.16.11) <-------- 94.56.X.X <.......... Internet (Destination natting)
>> >> >
>> >> > 94.56.X.X will remain the same both from Inside to Internet and from
>> >> > Internet to Inside.
>> >> >
>> >> >> From: faizankhurshid921_at_hotmail.com
>> >> >> To: ccielab_at_groupstudy.com
>> >> >> Subject: Source nat and destination nat on Same public ip
>> >> >> Date: Wed, 7 Mar 2012 21:48:07 +0500
>> >> >>
>> >> >> Dear,
>> >> >>
>> >> >> Below is my scenario.
>> >> >>
>> >> >> I have a mail gateway which is sending and receiving email on different
>> >> >> IPs: IP 172.16.16.12 is sending email to the outside world while
>> >> >> 172.16.16.11 is receiving from the Internet. I only have one public IP,
>> >> >> 94.56.X.X. I did the below config; users can receive from the outside
>> >> >> world, while once a user sends an email I should receive on 94.56.X.X
>> >> >> but I am receiving from the outside interface of the router which is
>> >> >> connected to the Internet.
>> >> >>
>> >> >> My question: can we do source NAT and destination NAT on the same public
>> >> >> IP while we have different private IPs? Below is my config; it seems to
>> >> >> be fine but it's not working for outgoing traffic.
>> >> >>
>> >> >> Once I remove ip nat inside source list DMZ interface fa0/1 overload,
>> >> >> the Internet stops working on my mail gateway.
>> >> >>
>> >> >>
>> >> >>
>> >> >> ip nat pool POOL1 172.16.16.11 172.16.16.11 netmask 255.255.255.0 type rotary
>> >> >> ip nat pool POOL2 94.56.X.X 94.56.X.X netmask 255.255.255.0
>> >> >> ip nat inside source list Outside pool POOL2
>> >> >> ip nat inside destination list Inside pool POOL1
>> >> >> !
>> >> >> ip access-list extended Inside
>> >> >>  permit tcp any host 94.56.X.X eq smtp
>> >> >> ip access-list extended Outside
>> >> >>  permit tcp host 172.16.16.12 eq smtp any eq smtp
>> >> >> !
>> >> >> ip access-list extended DMZ
>> >> >> permit ip 172.16.16.0 0.0.0.255 any
>> >> >>
>> >> >> ip nat inside source list DMZ interface fa0/1 overload
>> >> >>
>> >> >>
>> >> >> interface FastEthernet0/0
>> >> >>  ip address 172.16.16.1 255.255.255.0
>> >> >>  ip nat inside
>> >> >>  ip virtual-reassembly
>> >> >>  duplex auto
>> >> >>  speed auto
>> >> >> !
>> >> >> interface FastEthernet0/1
>> >> >>  ip address 94.216.200.65 255.255.255.252
>> >> >>  ip nat outside
>> >> >>  ip virtual-reassembly
>> >> >>  duplex auto
>> >> >>  speed auto
>> >> >>
>> >> >>
>> >> >> Blogs and organic groups at http://www.ccie.net
>> >> >>
>> >> >> _______________________________________________________________________
>> >> >> Subscription information may be found at:
>> >> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >>
>> >>
>> >> --
>> >> Regards,
>> >>
>> >> Joe Astorino
>> >> CCIE #24347
>> >> http://astorinonetworks.com
>> >>
>> >> "He not busy being born is busy dying" - Dylan
>> >>
>>
>>
>>
>> --
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347
>> http://astorinonetworks.com
>>
>> "He not busy being born is busy dying" - Dylan
>>
>

-- 
Sent from my mobile device
Regards,
Joe Astorino
CCIE #24347
http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net
Received on Thu Mar 08 2012 - 03:02:38 ART
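
An added example, not part of the original thread and not written by either poster: the arrangement discussed above for the case where the public IP is not the fa0/1 interface address, with inbound SMTP forwarded to 172.16.16.11 and all other inside traffic overloaded onto the same public IP. 203.0.113.10 is a constructed placeholder for the elided 94.56.X.X, and the names PUBLIC and LAN-OUT are hypothetical. It assumes the provider routes that address to the router's outside interface.

```cisco
! Added example. 203.0.113.10 is a constructed placeholder for the public IP
! that the thread elides as 94.56.X.X. PUBLIC and LAN-OUT are hypothetical names.
!
! Inbound: only TCP/25 arriving at the public IP is forwarded, and only to
! the gateway's receiving address. No other inside port is exposed.
ip nat inside source static tcp 172.16.16.11 25 203.0.113.10 25
!
! Outbound: everything sourced from the inside subnet, including mail sent
! from 172.16.16.12, is port-translated to the same public IP.
ip nat pool PUBLIC 203.0.113.10 203.0.113.10 netmask 255.255.255.0
ip nat inside source list LAN-OUT pool PUBLIC overload
!
ip access-list extended LAN-OUT
 permit ip 172.16.16.0 0.0.0.255 any
!
interface FastEthernet0/0
 ip nat inside
!
interface FastEthernet0/1
 ip nat outside
!
! Check the result from exec mode with: show ip nat translations
! Expect one static entry for port 25 and dynamic entries for outbound flows.
```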

This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 07:56:52 ART