Hi all
I am a newbie to Cisco NAT/PAT configurations. Is the following
doable? The question is related to configuring NAT/PAT on a Cisco
router in the presence of a web proxy. This will allow transparent web
proxy services.
[cnn.com]-----[Proxy]----[Cisco Rtr]==WAN link==[Rtr2]----[PC]
12.1.1.1    PI1     PI2  CI2      CI1               RS2   194.x.x.1
Assume:
PI1 - Internet interface of Proxy = 174.x.x.1
PI2 - Local interface of Proxy = 172.17.72.x
CI2 - Cisco Interface 1 = 172.17.72.y
CI1 - WAN interface = 192.168.150.x
RS2 - Remote Rtr2 LAN interface = 194.x.x.2
Remote PC = 194.x.x.1
Now:
Step 1:
GET request from PC (after DNS exchanges):
Source: 194.x.x.1:5000
Dest: 12.1.1.1:80
Step 2:
Same Pkt at CI1
Source: 194.x.x.1:5000
Dest: 12.1.1.1:80
Step 3:
Same Pkt at CI2 (changed by Cisco - what we need)
Source: 194.x.x.1:5000
Dest: 172.17.72.x:8080 (remember: 12.1.1.1:80)
Step 4:
Proxy gets the packet. Gets the page: cnn.com and stores it in cache.
Sends a reply.
Packet at CI2
Source: 172.17.72.x:8080
Dest: 194.x.x.1:5000
Step 5:
Packet at CI1 (changed by Cisco - what we need)
Source: 12.1.1.1:80 (remember: 12.1.1.1:80 from Step 3)
Dest: 194.x.x.1:5000
Step 3 and Step 5 need Cisco router configurations for NAT/PAT etc.
Is this doable in Cisco using NAT or PAT or a combination?
Step 3 is needed because proxy is not in promiscuous mode and we want to
avoid single point of failure.
Step 5 is needed because PC has a TCP connection to 12.1.1.1:80 and
expects that in reply.
Note:
We cannot configure web proxy addresses on the PC browsers or use WPAD
or any other automatic proxy configurations like DHCP for many
administrative and domain reasons.
Please let me know
Thank you
Sri
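
The translation state that Steps 3 and 5 in the post above require, as an added example that is not part of the original post and is not Cisco configuration. It is a Python model of the rewrite-and-remember behaviour only. `Redirector`, `to_proxy` and `to_client` are hypothetical names; the client address and the proxy's host octet are constructed stand-ins for the post's `194.x.x.1` and `172.17.72.x`.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

CLIENT_IP = "194.0.2.1"          # constructed stand-in for 194.x.x.1
PROXY = ("172.17.72.10", 8080)   # constructed host octet; port 8080 is from the post
ORIGIN = ("12.1.1.1", 80)        # cnn.com address used in the post

class Redirector:
    """Hypothetical model of the state the router must hold between Step 3 and Step 5."""

    def __init__(self, proxy: tuple):
        self.proxy = proxy
        # The proxy's reply carries only the proxy address and the client's
        # address and port, so the client (ip, port) is the only usable key.
        self.flows = {}

    def to_proxy(self, pkt: Packet) -> Packet:
        """Step 3 (CI1 -> CI2): rewrite a port-80 destination, remember the original."""
        if pkt.dst[1] != 80:
            return pkt                      # non-web traffic is left untouched
        self.flows[pkt.src] = pkt.dst
        return pkt._replace(dst=self.proxy)

    def to_client(self, pkt: Packet) -> Optional[Packet]:
        """Step 5 (CI2 -> CI1): restore the remembered origin as the source."""
        if pkt.src != self.proxy:
            return pkt
        original = self.flows.get(pkt.dst)
        if original is None:
            # No state: the PC has no TCP connection to the proxy address,
            # so forwarding the reply unmodified would be useless. Drop it.
            return None
        return pkt._replace(src=original)

def walk_through():
    """Replay Steps 1 to 5 from the post and return the packet seen at each hop."""
    r = Redirector(PROXY)
    at_ci1 = Packet((CLIENT_IP, 5000), ORIGIN)              # Steps 1 and 2
    at_ci2 = r.to_proxy(at_ci1)                             # Step 3
    proxy_reply = Packet(PROXY, (CLIENT_IP, 5000))          # Step 4
    back_at_ci1 = r.to_client(proxy_reply)                  # Step 5
    return at_ci1, at_ci2, proxy_reply, back_at_ci1

if __name__ == "__main__":
    for hop in walk_through():
        print(hop)
```
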