Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco router nat depends on destination IP

Reply
Thread Tools

Cisco router nat depends on destination IP

 
 
hdu
Guest
Posts: n/a
 
      01-10-2004
Our company network configuration is :

Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
192.168.0.z)

I would like to configure nat on router2 that do nat of office IP to global
IP of all packets to Internet. But all packet to DMZ from office not do the
nat.

Can I configure this on a Cisco router 3640 (router2 in above).


 
Reply With Quote
 
 
 
 
Claude LeFort
Guest
Posts: n/a
 
      01-10-2004
Let's pretend that you have a DMZ network of 202.122.0.0/29 and that Router2
's interface to Router1 is FastEthernet0

ip nat inside source list nat_decision interface FastEthernet0 overload

ip access-list extended nat_decision
deny ip 192.168.0.0 0.0.0.255 202.122.0.0 0.0.0.7
permit ip 192.168.0.0 0.0.0.255 any

Claude

"hdu" <(E-Mail Removed)> wrote in message news:3fffd53d$(E-Mail Removed)...
> Our company network configuration is :
>
> Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
> 192.168.0.z)
>
> I would like to configure nat on router2 that do nat of office IP to

global
> IP of all packets to Internet. But all packet to DMZ from office not do

the
> nat.
>
> Can I configure this on a Cisco router 3640 (router2 in above).
>
>



 
Reply With Quote
 
 
 
 
hdu
Guest
Posts: n/a
 
      01-10-2004
can office connect to DMZ using the IP 192.168.0.z ?

"Claude LeFort" <(E-Mail Removed)> 在郵件
newsCSLb.56166$(E-Mail Removed) 中撰寫...
> Let's pretend that you have a DMZ network of 202.122.0.0/29 and that

Router2
> 's interface to Router1 is FastEthernet0
>
> ip nat inside source list nat_decision interface FastEthernet0 overload
>
> ip access-list extended nat_decision
> deny ip 192.168.0.0 0.0.0.255 202.122.0.0 0.0.0.7
> permit ip 192.168.0.0 0.0.0.255 any
>
> Claude
>
> "hdu" <(E-Mail Removed)> wrote in message news:3fffd53d$(E-Mail Removed)...
> > Our company network configuration is :
> >
> > Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
> > 192.168.0.z)
> >
> > I would like to configure nat on router2 that do nat of office IP to

> global
> > IP of all packets to Internet. But all packet to DMZ from office not do

> the
> > nat.
> >
> > Can I configure this on a Cisco router 3640 (router2 in above).
> >
> >

>
>



 
Reply With Quote
 
hdu
Guest
Posts: n/a
 
      01-12-2004
I following your advice and it works perfectly. However, my sites include
different companies which use different IP to Internet. So I changed your
command as follows:

ip nat pool nat_1 202.122.x.y 202.122.x.y netmask 255.255.255.248

ip nat inside source list nat_decision_1 pool nat_1

ip access-list extended nat_decision_1

deny ip 192.168.1.0 0.0.0.255 202.122.x.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 any


Then I connect to both Internet and our DMZ. I find that it do nat both DMZ
and Internet.
Do I make anything wrong?

"Claude LeFort" <(E-Mail Removed)> 在郵件
newsCSLb.56166$(E-Mail Removed) 中撰寫...
> Let's pretend that you have a DMZ network of 202.122.0.0/29 and that

Router2
> 's interface to Router1 is FastEthernet0
>
> ip nat inside source list nat_decision interface FastEthernet0 overload
>
> ip access-list extended nat_decision
> deny ip 192.168.0.0 0.0.0.255 202.122.0.0 0.0.0.7
> permit ip 192.168.0.0 0.0.0.255 any
>
> Claude
>
> "hdu" <(E-Mail Removed)> wrote in message news:3fffd53d$(E-Mail Removed)...
> > Our company network configuration is :
> >
> > Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
> > 192.168.0.z)
> >
> > I would like to configure nat on router2 that do nat of office IP to

> global
> > IP of all packets to Internet. But all packet to DMZ from office not do

> the
> > nat.
> >
> > Can I configure this on a Cisco router 3640 (router2 in above).
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NAT based on destination address in PIX shinhyuk Cisco 5 05-22-2009 08:28 AM
Destination NAT on Cisco 876? Martin Turba Cisco 6 12-30-2005 11:26 AM
Cisco 3600 NAT by destination address Chris Davis Cisco 1 07-03-2005 06:37 PM
Destination NAT with Cisco 2503 Andre Wisniewski Cisco 1 12-10-2004 10:33 AM
Destination not reachable until destination pings source! PIX501 Dave Cisco 0 02-27-2004 06:15 PM



Advertisments