change destination ip address

 
 
Glen
 
      04-09-2004
I have a situation requiring the redirection of all HTTP, POP3, and IMAP
requests to a specific address to another destination. This traffic is
not crossing a firewall of any form, just from one interface of a 6509
to another.

All           |      |
request --->  | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
to            |      | \
10.80.50.2              \---> smtp, etc ---> 10.80.50.2


The solution (as we are told) is to redirect all but SMTP to another
server.

The suggestion is to set up a route-map and access lists basically as
follows:

access-list 110 permit tcp any host <host address> eq 110
access-list 110 permit tcp any host <host address> eq 80
access-list 110 permit tcp any host <host address> eq 143

route-map <NAME> permit 10
match ip address 110
set ip default next-hop <host address>


int vlan XXXX

ip policy route-map <NAME>

This configuration does not work, any ideas would be very much
appreciated.

Glen
 
 
 
 
 
Hansang Bae
 
      04-09-2004
In article <(E-Mail Removed) >,
(E-Mail Removed) says...
> I have a situation requiring the redirection of all HTTP, POP3, and IMAP
> requests to a specific address to another destination. This traffic is
> not crossing a firewall of any form, just from one interface of a 6509
> to another.
>
> All | |
> request ---> | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
> to | | \
> 10.80.50.2 \---> smtp, etc ---> 10.80.50.2
>
>
> The solution (as we are told) is to redirect all but SMTP to another
> server.
>
> The suggestion is to set up a route-map and access lists basically as
> follows:
>
> access-list 110 permit tcp any host <host address> eq 110
> access-list 110 permit tcp any host <host address> eq 80
> access-list 110 permit tcp any host <host address> eq 143
>
> route-map <NAME> permit 10
> match ip address 110
> set ip default next-hop <host address>
>
>
> int vlan XXXX
>
> ip policy route-map <NAME>
>
> This configuration does not work, any ideas would be very much
> appreciated.


First, you need to set this on the INBOUND interface. Also, you don't
want to use "set ip default..."; use "set ip next-hop IP_ADDR" and "set
interface INT_HERE".

Use both to make sure you hard code the exit interface.

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
 
 
 
 
Barry Margolin
 
      04-09-2004
In article <(E-Mail Removed)>,
Hansang Bae <(E-Mail Removed)> wrote:

> In article <(E-Mail Removed) >,
> (E-Mail Removed) says...
> > I have a situation requiring the redirection of all HTTP, POP3, and IMAP
> > requests to a specific address to another destination. This traffic is
> > not crossing a firewall of any form, just from one interface of a 6509
> > to another.
> >
> > All | |
> > request ---> | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
> > to | | \
> > 10.80.50.2 \---> smtp, etc ---> 10.80.50.2
> >
> >
> > The solution (as we are told) is to redirect all but SMTP to another
> > server.
> >
> > The suggestion is to set up a route-map and access lists basically as
> > follows:
> >
> > access-list 110 permit tcp any host <host address> eq 110
> > access-list 110 permit tcp any host <host address> eq 80
> > access-list 110 permit tcp any host <host address> eq 143
> >
> > route-map <NAME> permit 10
> > match ip address 110
> > set ip default next-hop <host address>
> >
> >
> > int vlan XXXX
> >
> > ip policy route-map <NAME>
> >
> > This configuration does not work, any ideas would be very much
> > appreciated.

>
> First, you need to set this on the INBOUND interface. Also, you don't
> want to use "set ip default..."; use "set ip next-hop IP_ADDR" and "set
> interface INT_HERE".
>
> Use both to make sure you hard code the exit interface.


Note also that this does *not* change the destination address in the
packets. It sends the packets to the next-hop with their address fields
intact -- the next-hop is assumed to act like a router. The alternate
server will need to be able to accept traffic with this destination
address, and also use this address as the source address in its replies
(so that the client will match it up properly with the connection).

If you want to perform any address translation, you need to use NAT, not
policy routing.

--
Barry Margolin, (E-Mail Removed)
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
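
The distinction drawn in this reply, as an added Python model that is not part of the original thread: policy routing changes only the next hop, while destination NAT rewrites the header and restores it on the reply. The client address 192.0.2.10, the source port and all function names are assumptions made for the illustration; the two server addresses and the port list come from the first post.

```python
from dataclasses import dataclass, replace

VIP = "10.80.50.2"               # address clients connect to (from the thread)
ALT = "10.80.50.3"               # alternate server (from the thread)
REDIRECT_PORTS = {80, 110, 143}  # the ports matched by access-list 110

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def matches(pkt):
    return pkt.dst == VIP and pkt.dport in REDIRECT_PORTS

def pbr(pkt):
    """Policy routing: pick a next hop, leave the header untouched."""
    return (ALT if matches(pkt) else pkt.dst), pkt

def dnat(pkt, table):
    """Destination NAT: rewrite dst and record the flow for the reply."""
    if not matches(pkt):
        return pkt.dst, pkt
    table[(ALT, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
    return ALT, replace(pkt, dst=ALT)

def server_reply(pkt, local_addrs):
    """A host answers only for addresses it owns; reply src = request dst."""
    if pkt.dst not in local_addrs:
        return None
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def run(mode, port=80, alt_owns_vip=False):
    """Return (next hop, whether the client accepts the reply)."""
    req = Packet("192.0.2.10", 40000, VIP, port)  # constructed client flow
    table = {}
    hop, fwd = pbr(req) if mode == "pbr" else dnat(req, table)
    owned = {VIP: {VIP}, ALT: {ALT} | ({VIP} if alt_owns_vip else set())}
    reply = server_reply(fwd, owned[hop])
    if reply is None:
        return hop, False
    # NAT restores the original address on the way back; PBR does nothing.
    key = (reply.src, reply.sport, reply.dst, reply.dport)
    reply = replace(reply, src=table.get(key, reply.src))
    # The client only accepts a reply whose source is the address it dialled.
    return hop, (reply.src, reply.sport) == (req.dst, req.dport)
```

With policy routing the redirected flow succeeds only when the alternate server also owns 10.80.50.2 (`alt_owns_vip=True`); with NAT it succeeds without touching the server, and port 25 stays on the original host in both modes.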
 
 
Glen
 
      04-12-2004
Barry Margolin <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> In article <(E-Mail Removed)>,
> Hansang Bae <(E-Mail Removed)> wrote:
>
> > In article <(E-Mail Removed) >,
> > (E-Mail Removed) says...
> > > I have a situation requiring the redirection of all HTTP, POP3, and IMAP
> > > requests to a specific address to another destination. This traffic is
> > > not crossing a firewall of any form, just from one interface of a 6509
> > > to another.
> > >
> > > All | |
> > > request ---> | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
> > > to | | \
> > > 10.80.50.2 \---> smtp, etc ---> 10.80.50.2
> > >
> > >
> > > The solution (as we are told) is to redirect all but SMTP to another
> > > server.
> > >
> > > The suggestion is to set up a route-map and access lists basically as
> > > follows:
> > >
> > > access-list 110 permit tcp any host <host address> eq 110
> > > access-list 110 permit tcp any host <host address> eq 80
> > > access-list 110 permit tcp any host <host address> eq 143
> > >
> > > route-map <NAME> permit 10
> > > match ip address 110
> > > set ip default next-hop <host address>
> > >
> > >
> > > int vlan XXXX
> > >
> > > ip policy route-map <NAME>
> > >
> > > This configuration does not work, any ideas would be very much
> > > appreciated.

> >
> > First, you need to set this on the INBOUND interface. Also, you don't
> > want to use "set ip default..."; use "set ip next-hop IP_ADDR" and "set
> > interface INT_HERE".
> >
> > Use both to make sure you hard code the exit interface.

>
> Note also that this does *not* change the destination address in the
> packets. It sends the packets to the next-hop with their address fields
> intact -- the next-hop is assumed to act like a router. The alternate
> server will need to be able to accept traffic with this destination
> address, and also use this address as the source address in its replies
> (so that the client will match it up properly with the connection).
>
> If you want to perform any address translation, you need to use NAT, not
> policy routing.


Thank you for the reply. I was thinking that NAT had to occur in order
to change an address and that policy routing would not have any impact
on the destination within the packet but the path of the packets. The
problem I am having is lack of experience with NAT. I have tried a
couple of scenarios and none worked. Any input would be greatly
appreciated. Also any direction to quality examples or documentation
would also be greatly appreciated.
 
 
Hansang Bae
 
      04-12-2004
In article <(E-Mail Removed) >,
(E-Mail Removed) says...
> Thank you for the reply. I was thinking that NAT had to occur in order
> to change an address and that policy routing would not have any impact
> on the destination within the packet but the path of the packets. The
> problem I am having is lack of experience with NAT. I have tried a
> couple of scenarios and none worked. Any input would be greatly
> appreciated. Also any direction to quality examples or documentation
> would also be greatly appreciated.



I glossed over the 'need to change the IP' part. Cisco's NAT FAQ is
pretty decent. Jeff Doyle's volume II also has good examples. Another
good resource is Gilbert Held's "Cisco Access Lists Field Guide", which is
also quite good.

But a quick tip is that the "ip nat inside ...." command will translate the
source IP address as it traverses from inside to outside. It will also
translate the destination address as it traverses outside to inside.

There is also the "ip nat outside ...." command, which does the opposite.

See http://www.cisco.com/warp/public/556/1.html

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
 
Glen
 
      04-13-2004
Hansang Bae <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> In article <(E-Mail Removed) >,
> (E-Mail Removed) says...
> > Thank you for the reply. I was thinking that NAT had to occur in order
> > to change an address and that policy routing would not have any impact
> > on the destination within the packet but the path of the packets. The
> > problem I am having is lack of experience with NAT. I have tried a
> > couple of scenarios and none worked. Any input would be greatly
> > appreciated. Also any direction to quality examples or documentation
> > would also be greatly appreciated.

>
>
> I glossed over the 'need to change the IP' part. Cisco's NAT FAQ is
> pretty decent. Jeff Doyle's volume II also has good examples. Another
> good resource is Gilbert Held's "Cisco Access Lists Field Guide", which is
> also quite good.
>
> But a quick tip is that the "ip nat inside ...." command will translate the
> source IP address as it traverses from inside to outside. It will also
> translate the destination address as it traverses outside to inside.
>
> There is also the "ip nat outside ...." command, which does the opposite.
>
> See http://www.cisco.com/warp/public/556/1.html
>
> --
>
> hsb
>

Thanks for all of the feedback and the info on documentation. I have
things working now, it seems that I was reversing the inside and
outside. I really appreciate all of your time.


Glen


> "Somehow I imagined this experience would be more rewarding" Calvin
> *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
> ************************************************** ******************
> Due to the volume of email that I receive, I may not be able to
> reply to emails sent to my account. Please post a followup instead.
> ************************************************** ******************

 