change destination ip address

Discussion in 'Cisco' started by Glen, Apr 9, 2004.

  1. Glen

    Glen Guest

    I have a situation requiring the redirection of all HTTP, POP3, and IMAP
    requests to a specific address to another destination. This traffic is
    not crossing a firewall of any form, just from one interface of a 6509
    to another.

    All                 |      |
    request      --->   | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
    to                  |      | \
    10.80.50.2                    \---> smtp, etc ---> 10.80.50.2


    The solution (as we are told) is to redirect all but SMTP to another
    server.

    The suggestion is to set up a route-map and access lists basically as
    follows:

    access-list 110 permit tcp any host <host address> eq 110
    access-list 110 permit tcp any host <host address> eq 80
    access-list 110 permit tcp any host <host address> eq 143

    route-map <NAME> permit 10
    match ip address 110
    set ip default next-hop <host address>


    int vlan XXXX

    ip policy route-map <NAME>

    This configuration does not work. Any ideas would be very much
    appreciated.

    Glen
     
    Glen, Apr 9, 2004
    #1

  2. Glen

    Hansang Bae Guest

    In article <>,
    says...
    > I have a situation requiring the redirection of all HTTP, POP3, and IMAP
    > requests to a specific address to another destination. This traffic is
    > not crossing a firewall of any form, just from one interface of a 6509
    > to another.
    >
    > All | |
    > request ---> | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
    > to | | \
    > 10.80.50.2 \---> smtp, etc ---> 10.80.50.2
    >
    >
    > The solution (as we are told) is to redirect all but SMTP to another
    > server.
    >
    > The suggestion is to setup a route-map and access lists basically as
    > follows:
    >
    > access-list 110 permit tcp any host <host address> eq 110
    > access-list 110 permit tcp any host <host address> eq 80
    > access-list 110 permit tcp any host <host address> eq 143
    >
    > route-map <NAME> permit 10
    > match ip address 110
    > set ip default next-hop <host address>
    >
    >
    > int vlan XXXX
    >
    > ip policy route-map <NAME>
    >
    > This configuration does not work, any ideas would be very much
    > appreciated.


    First, you need to set this on the INBOUND interface. Also, you don't
    want to use "set ip default..."; use "set ip next-hop IP_ADDR" and "set
    interface INT_HERE".

    Use both to make sure you hard code the exit interface.

    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Apr 9, 2004
    #2

  3. In article <>,
    Hansang Bae <> wrote:

    > In article <>,
    > says...
    > > I have a situation requiring the redirection of all HTTP, POP3, and IMAP
    > > requests to a specific address to another destination. This traffic is
    > > not crossing a firewall of any form, just from one interface of a 6509
    > > to another.
    > >
    > > All | |
    > > request ---> | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
    > > to | | \
    > > 10.80.50.2 \---> smtp, etc ---> 10.80.50.2
    > >
    > >
    > > The solution (as we are told) is to redirect all but SMTP to another
    > > server.
    > >
    > > The suggestion is to setup a route-map and access lists basically as
    > > follows:
    > >
    > > access-list 110 permit tcp any host <host address> eq 110
    > > access-list 110 permit tcp any host <host address> eq 80
    > > access-list 110 permit tcp any host <host address> eq 143
    > >
    > > route-map <NAME> permit 10
    > > match ip address 110
    > > set ip default next-hop <host address>
    > >
    > >
    > > int vlan XXXX
    > >
    > > ip policy route-map <NAME>
    > >
    > > This configuration does not work, any ideas would be very much
    > > appreciated.

    >
    > First, you need to set this on the INBOUND interface. Also, you don't
    > want to use "set ip default..."; use "set ip next-hop IP_ADDR" and "set
    > interface INT_HERE".
    >
    > Use both to make sure you hard code the exit interface.


    Note also that this does *not* change the destination address in the
    packets. It sends the packets to the next-hop with their address fields
    intact -- the next-hop is assumed to act like a router. The alternate
    server will need to be able to accept traffic with this destination
    address, and also use this address as the source address in its replies
    (so that the client will match it up properly with the connection).

    If you want to perform any address translation, you need to use NAT, not
    policy routing.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, Apr 9, 2004
    #3
  4. Glen

    Glen Guest

    Barry Margolin <> wrote in message news:<>...
    > In article <>,
    > Hansang Bae <> wrote:
    >
    > > In article <>,
    > > says...
    > > > I have a situation requiring the redirection of all HTTP, POP3, and IMAP
    > > > requests to a specific address to another destination. This traffic is
    > > > not crossing a firewall of any form, just from one interface of a 6509
    > > > to another.
    > > >
    > > > All | |
    > > > request ---> | 6509 | ---> http, imap, pop3 ---> 10.80.50.3
    > > > to | | \
    > > > 10.80.50.2 \---> smtp, etc ---> 10.80.50.2
    > > >
    > > >
    > > > The solution (as we are told) is to redirect all but SMTP to another
    > > > server.
    > > >
    > > > The suggestion is to setup a route-map and access lists basically as
    > > > follows:
    > > >
    > > > access-list 110 permit tcp any host <host address> eq 110
    > > > access-list 110 permit tcp any host <host address> eq 80
    > > > access-list 110 permit tcp any host <host address> eq 143
    > > >
    > > > route-map <NAME> permit 10
    > > > match ip address 110
    > > > set ip default next-hop <host address>
    > > >
    > > >
    > > > int vlan XXXX
    > > >
    > > > ip policy route-map <NAME>
    > > >
    > > > This configuration does not work, any ideas would be very much
    > > > appreciated.

    > >
    > > First, you need to set this on the INBOUND interface. Also, you don't
    > > want to use "set ip default..."; use "set ip next-hop IP_ADDR" and "set
    > > interface INT_HERE".
    > >
    > > Use both to make sure you hard code the exit interface.

    >
    > Note also that this does *not* change the destination address in the
    > packets. It sends the packets to the next-hop with their address fields
    > intact -- the next-hop is assumed to act like a router. The alternate
    > server will need to be able to accept traffic with this destination
    > address, and also use this address as the source address in its replies
    > (so that the client will match it up properly with the connection).
    >
    > If you want to perform any address translation, you need to use NAT, not
    > policy routing.


    Thank you for the reply. I was thinking that NAT had to occur in order
    to change an address and that policy routing would not have any impact
    on the destination within the packet but the path of the packets. The
    problem I am having is lack of experience with NAT. I have tried a
    couple of scenarios and none worked. Any input would be greatly
    appreciated. Also any direction to quality examples or documentation
    would also be greatly appreciated.
     
    Glen, Apr 12, 2004
    #4
  5. Glen

    Hansang Bae Guest

    In article <>,
    says...
    > Thank you for the reply. I was thinking that NAT had to occur in order
    > to change an address and that policy routing would not have any impact
    > on the destination within the packet but the path of the packets. The
    > problem I am having is lack of experience with NAT. I have tried a
    > couple of scenarios and none worked. Any input would be greatly
    > appreciated. Also any direction to quality examples or documentation
    > would also be greatly appreciated.



    I glossed over the 'need to change the IP' part. Cisco's NAT FAQ is
    pretty decent. Jeff Doyle's volume II also has good examples. Gilbert
    Held's "Cisco Access Lists Field Guide" is also quite good.

    But a quick tip is that the "ip nat inside ...." command will translate
    the source IP address as it traverses from inside to outside. It will
    also translate the destination address as it traverses outside to inside.

    There is also the "ip nat outside ...." command, which does the opposite.

    See http://www.cisco.com/warp/public/556/1.html

    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Apr 12, 2004
    #5
  6. Glen

    Glen Guest

    Hansang Bae <> wrote in message news:<>...
    > In article <>,
    > says...
    > > Thank you for the reply. I was thinking that NAT had to occur in order
    > > to change an address and that policy routing would not have any impact
    > > on the destination within the packet but the path of the packets. The
    > > problem I am having is lack of experience with NAT. I have tried a
    > > couple of scenarios and none worked. Any input would be greatly
    > > appreciated. Also any direction to quality examples or documentation
    > > would also be greatly appreciated.

    >
    >
    > I glossed over the 'need to change the IP' part. Cisco's NAT FAQ is
    > pretty decent. Jeff Doyle's volume II also has good examples. Gilbert
    > Held's "Cisco Access Lists Field Guide" is also quite good.
    >
    > But a quick tip is that the "ip nat inside ...." command will translate
    > the source IP address as it traverses from inside to outside. It will
    > also translate the destination address as it traverses outside to inside.
    >
    > There is also the "ip nat outside ...." command, which does the opposite.
    >
    > See http://www.cisco.com/warp/public/556/1.html
    >
    > --
    >
    > hsb
    >

    Thanks for all of the feedback and the info on documentation. I have
    things working now; it seems that I was reversing the inside and
    outside. I really appreciate all of your time.


    Glen


    > "Somehow I imagined this experience would be more rewarding" Calvin
    > *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    > ********************************************************************
    > Due to the volume of email that I receive, I may not be able to
    > reply to emails sent to my account. Please post a followup instead.
    > ********************************************************************
     
    Glen, Apr 13, 2004
    #6
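
A toy model of the point made in posts #3 to #6, added here as an illustration and not written by any poster: policy routing only picks a next hop, while a static NAT port mapping rewrites the destination on the outside-to-inside pass and the source on the way back, and it stops matching when the interface roles are reversed. The Packet class, the function names and the client address 192.0.2.10 are assumptions made for the example; the server addresses and ports are the ones from the thread.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

LOCAL, GLOBAL = "10.80.50.3", "10.80.50.2"   # server addresses from the thread
PORTS = {80, 110, 143}                        # HTTP, POP3, IMAP; SMTP is left alone
CLIENT = "192.0.2.10"                         # constructed sample client address

def policy_route(pkt):
    """Policy routing: pick a next hop, leave every header field intact."""
    next_hop = LOCAL if pkt.dst == GLOBAL and pkt.dport in PORTS else pkt.dst
    return pkt, next_hop

def nat(pkt, arrived_on):
    """Static inside-source port mapping LOCAL:port <-> GLOBAL:port.

    arrived_on is how the ingress interface is marked: 'outside' or 'inside'.
    """
    if arrived_on == "outside" and pkt.dst == GLOBAL and pkt.dport in PORTS:
        return replace(pkt, dst=LOCAL)    # outside -> inside: rewrite destination
    if arrived_on == "inside" and pkt.src == LOCAL and pkt.sport in PORTS:
        return replace(pkt, src=GLOBAL)   # inside -> outside: rewrite source
    return pkt                            # no matching entry: packet untouched

def round_trip(client_side, server_side, dport):
    """Send CLIENT -> GLOBAL:dport through NAT and return (request, reply),
    given how the client-facing and server-facing interfaces are marked."""
    request = nat(Packet(CLIENT, 40000, GLOBAL, dport), client_side)
    # Whichever server the request reaches answers from its own address.
    reply = Packet(request.dst, dport, request.src, request.sport)
    return request, nat(reply, server_side)

if __name__ == "__main__":
    print("PBR:     ", policy_route(Packet(CLIENT, 40000, GLOBAL, 80)))
    print("NAT ok:  ", round_trip("outside", "inside", 80))
    print("SMTP:    ", round_trip("outside", "inside", 25))
    print("reversed:", round_trip("inside", "outside", 80))
```
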