Pix Outside NAT

 
 
bitored2002@yahoo.com.au
      09-20-2005
Hi,

I have a PIX that connects to 2 internet links. I want to split
different types of traffic across the 2 links in each direction. Therefore
BGP can take care of the inbound path for traffic on the routers. So
for example I want inbound HTTP traffic on link 1 and email on link 2.
The problem is that, because of my default route, the outbound email always
follows path 1.

I have been thinking of putting the 2nd link on a separate interface on
the PIX (currently both are reachable via the outside interface). Then I
could NAT the source public IP address on the 2nd link (inbound
direction) so that when my inside host replies it will reply to the NAT
address and follow the path out the 2nd internet link (via the new
interface on the PIX).

My question is: when the NAT function NATs back to the real public IP,
will the PIX then do a route lookup and try to send it out via the
default gateway, i.e. the outside interface, and thus still give me the
same result, or will it route before NAT and then simply forward the
packet out my new interface as I would hope? I am unsure of when
exactly the routing happens with NAT.

Thank you for any comments.

 
 
 
 
 
Cen
      09-20-2005
NAT order of operation generally is as follows:
From inside to outside, route first then NAT.
From outside to inside, NAT first then route.


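The order of operations in the reply above, applied to the two-link question, as an added example that is not part of the original thread. It is a small Python model, not PIX code: the interface names, addresses and the `OutsideNat` class are assumptions, and it models the rule exactly as stated rather than the behaviour of any particular PIX software version.

```python
import ipaddress

# Constructed topology: every address and interface name here is an assumption.
ROUTES = [                          # (prefix, egress interface)
    ("10.0.0.0/24", "inside"),
    ("192.0.2.0/24", "link2"),      # connected subnet that also holds the NAT pool
    ("0.0.0.0/0", "outside"),       # default route, i.e. link 1
]

def route_lookup(dst):
    """Longest-prefix match on the destination address."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)[1]

class OutsideNat:
    """Hypothetical source NAT for traffic arriving on one outside-facing interface."""
    def __init__(self, ingress, pool):
        self.ingress, self.free = ingress, list(pool)
        self.real_to_mapped, self.mapped_to_real = {}, {}

    def inbound(self, pkt, ingress):
        """Outside to inside: NAT first, then route."""
        src = pkt["src"]
        if ingress == self.ingress:
            if src not in self.real_to_mapped:
                mapped = self.free.pop(0)
                self.real_to_mapped[src] = mapped
                self.mapped_to_real[mapped] = src
            src = self.real_to_mapped[src]
        out = dict(pkt, src=src)
        return out, route_lookup(out["dst"])

    def outbound(self, pkt):
        """Inside to outside: route on the address the host used, then NAT."""
        egress = route_lookup(pkt["dst"])           # decided before translation
        real = self.mapped_to_real.get(pkt["dst"], pkt["dst"])
        return dict(pkt, dst=real), egress          # no second lookup on `real`

def demo():
    nat = OutsideNat("link2", ["192.0.2.200", "192.0.2.201"])
    # Mail arriving on link 2; the server's own static translation is left out.
    mail_in = {"src": "198.51.100.25", "dst": "10.0.0.5"}
    seen_inside, _ = nat.inbound(mail_in, "link2")
    nat_reply = nat.outbound({"src": "10.0.0.5", "dst": seen_inside["src"]})
    # Without outside NAT the host answers the real address: default route wins.
    plain_reply = nat.outbound({"src": "10.0.0.5", "dst": mail_in["src"]})
    return nat_reply, plain_reply
```

Under this model the reply to the mapped address leaves via `link2` with its destination restored to the real public IP, while a reply addressed directly to the real IP follows the default route out `outside`.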
 
 
 
 
MC
      09-20-2005
On the topic of NAT, I think I am having a brain fart but cannot think what
I need to do for a NAT configuration I need.

I have a router at a remote site; both sides are using overlapping IP
addressing in a private range.
I do not want a dynamic NAT configuration using DNS on the router but want
to statically define all NAT addresses on each side. Also I want to hide any
traffic not having a static resource defined from the source direction to
overload behind a single NAT.
One side is configured inside and one side configured outside.
I can get the inside-to-outside traffic to overload behind a single IP, but
going from outside to inside I cannot get it to hide behind a single IP. I had to
use a pool of IPs but really want to have that traffic behind a single IP
also.
Is this possible? I thought I had done it before but cannot remember how if
so. Also, would NAT work from an inside to an inside interface?

Thanks,
MC
 
bitored2002@yahoo.com.au
      09-20-2005
Thanks Cen,

Does that mean if I have an outside int and a DMZ int both connecting
to the internet I can force some return traffic back out the DMZ
interface by NATing? So that when the return traffic goes from in to
DMZ it will route to the NATted IPs (i.e. a pool of addresses from the
DMZ subnet) and then NAT and forward out the DMZ int? I just want to
ensure that after NATting it doesn't do another route lookup and
forward out the outside int (i.e. following the default route).

Thanks.


