Cisco NAT/PAT - based on dest. IP - questions

Discussion in 'Cisco' started by Sri, Dec 6, 2004.

  1. Sri

    Sri Guest

    Hi all
    I am a newbie to Cisco NAT/PAT configurations. Is the following
    doable? The question is related to configuring NAT/PAT on a Cisco
    router in the presence of a web proxy. This will allow transparent web
    proxy services.


    [cnn.com]-----[Proxy]----[Cisco Rtr]==WAN link==[Rtr2]----[PC]
    12.1.1.1 PI1 PI2 CI2 CI1 RS2 194.x.x.1

    Assume:
    PI1 - Internet interface of Proxy = 174.x.x.1
    PI2 - Local interface of Proxy = 172.17.72.x
    CI2 - Cisco Interface 1 = 172.17.72.y
    CI1 - WAN interface = 192.168.150.x
    RS2 - Remote Rtr2 LAN interface = 194.x.x.2
    Remote PC = 194.x.x.1


    Now:
    Step 1:
    GET request from PC (after DNS exchanges):
    Source: 194.x.x.1:5000
    Dest: 12.1.1.1:80

    Step 2:
    Same Pkt at CI1
    Source: 194.x.x.1:5000
    Dest: 12.1.1.1:80

    Step 3:
    Same Pkt at CI2 (changed by Cisco - what we need)
    Source: 194.x.x.1:5000
    Dest: 172.17.72.x:8080 (remember: 12.1.1.1:80)

    Step 4:
    Proxy gets the packet. Gets the page: cnn.com and stores it in cache.
    Sends
    a reply.
    Packet at CI2
    Source: 172.17.72.x:8080
    Dest: 194.x.x.1:5000

    Step 5:
    Packet at CI1 (changed by Cisco - what we need)
    Source: 12.1.1.1:80 (remember: 12.1.1.1:80 from Step 3)
    Dest: 194.x.x.1:5000

    Step 3 and Step 5 needs Cisco router configurations for NAT/PAT etc.,
    Is this doable in Cisco using NAT or PAT or a combination?

    Step 3 is needed because proxy is not in promiscous mode and we want to
    avoid single point of failure.

    Step 5 is needed because PC has a TCP connection to 12.1.1.1:80 and
    expects that in reply.

    Note:
    We cannot configure web proxy addresses on the PC browsers or use WPAD
    or any other automatic proxy configurations like DHCP for many
    administrative and domain reasons.

    Please let me know
    Thank you
    Sri
     
    Sri, Dec 6, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Captain
    Replies:
    11
    Views:
    777
    Barry Margolin
    May 11, 2004
  2. Sri
    Replies:
    0
    Views:
    696
  3. pawel
    Replies:
    2
    Views:
    501
    Walter Roberson
    Jan 7, 2005
  4. spec
    Replies:
    2
    Views:
    1,481
    Walter Roberson
    May 25, 2006
  5. Steven Carr
    Replies:
    7
    Views:
    785
Loading...

Share This Page