Cisco router nat depends on destination IP

Discussion in 'Cisco' started by hdu, Jan 10, 2004.

  1. hdu

    hdu Guest

    Our company network configuration is :

    Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
    192.168.0.z)

    I would like to configure nat on router2 that do nat of office IP to global
    IP of all packets to Internet. But all packet to DMZ from office not do the
    nat.

    Can I configure this on a Cisco router 3640 (router2 in above).
     
    hdu, Jan 10, 2004
    #1
    1. Advertising

  2. Let's pretend that you have a DMZ network of 202.122.0.0/29 and that Router2
    's interface to Router1 is FastEthernet0

    ip nat inside source list nat_decision interface FastEthernet0 overload

    ip access-list extended nat_decision
    deny ip 192.168.0.0 0.0.0.255 202.122.0.0 0.0.0.7
    permit ip 192.168.0.0 0.0.0.255 any

    Claude

    "hdu" <> wrote in message news:3fffd53d$...
    > Our company network configuration is :
    >
    > Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
    > 192.168.0.z)
    >
    > I would like to configure nat on router2 that do nat of office IP to

    global
    > IP of all packets to Internet. But all packet to DMZ from office not do

    the
    > nat.
    >
    > Can I configure this on a Cisco router 3640 (router2 in above).
    >
    >
     
    Claude LeFort, Jan 10, 2004
    #2
    1. Advertising

  3. hdu

    hdu Guest

    can office connect to DMZ using the IP 192.168.0.z ?

    "Claude LeFort" <> ¦b¶l¥ó
    news:pCSLb.56166$ ¤¤¼¶¼g...
    > Let's pretend that you have a DMZ network of 202.122.0.0/29 and that

    Router2
    > 's interface to Router1 is FastEthernet0
    >
    > ip nat inside source list nat_decision interface FastEthernet0 overload
    >
    > ip access-list extended nat_decision
    > deny ip 192.168.0.0 0.0.0.255 202.122.0.0 0.0.0.7
    > permit ip 192.168.0.0 0.0.0.255 any
    >
    > Claude
    >
    > "hdu" <> wrote in message news:3fffd53d$...
    > > Our company network configuration is :
    > >
    > > Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
    > > 192.168.0.z)
    > >
    > > I would like to configure nat on router2 that do nat of office IP to

    > global
    > > IP of all packets to Internet. But all packet to DMZ from office not do

    > the
    > > nat.
    > >
    > > Can I configure this on a Cisco router 3640 (router2 in above).
    > >
    > >

    >
    >
     
    hdu, Jan 10, 2004
    #3
  4. hdu

    hdu Guest

    I following your advice and it works perfectly. However, my sites include
    different companies which use different IP to Internet. So I changed your
    command as follows:

    ip nat pool nat_1 202.122.x.y 202.122.x.y netmask 255.255.255.248

    ip nat inside source list nat_decision_1 pool nat_1

    ip access-list extended nat_decision_1

    deny ip 192.168.1.0 0.0.0.255 202.122.x.0 0.0.0.255

    permit ip 192.168.1.0 0.0.0.255 any


    Then I connect to both Internet and our DMZ. I find that it do nat both DMZ
    and Internet.
    Do I make anything wrong?

    "Claude LeFort" <> ¦b¶l¥ó
    news:pCSLb.56166$ ¤¤¼¶¼g...
    > Let's pretend that you have a DMZ network of 202.122.0.0/29 and that

    Router2
    > 's interface to Router1 is FastEthernet0
    >
    > ip nat inside source list nat_decision interface FastEthernet0 overload
    >
    > ip access-list extended nat_decision
    > deny ip 192.168.0.0 0.0.0.255 202.122.0.0 0.0.0.7
    > permit ip 192.168.0.0 0.0.0.255 any
    >
    > Claude
    >
    > "hdu" <> wrote in message news:3fffd53d$...
    > > Our company network configuration is :
    > >
    > > Internet<---router1--->DMZ(IP: 202.122.x.y)<--->router2<---->office(IP:
    > > 192.168.0.z)
    > >
    > > I would like to configure nat on router2 that do nat of office IP to

    > global
    > > IP of all packets to Internet. But all packet to DMZ from office not do

    > the
    > > nat.
    > >
    > > Can I configure this on a Cisco router 3640 (router2 in above).
    > >
    > >

    >
    >
     
    hdu, Jan 12, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dave
    Replies:
    0
    Views:
    1,698
  2. Andre Wisniewski

    Destination NAT with Cisco 2503

    Andre Wisniewski, Dec 10, 2004, in forum: Cisco
    Replies:
    1
    Views:
    6,270
    Ivan Ostreš
    Dec 10, 2004
  3. It all depends on whose ox is getting gored

    , Feb 6, 2004, in forum: Digital Photography
    Replies:
    16
    Views:
    1,147
  4. =?Utf-8?B?ZGFrb3RhMDI=?=

    Dual boot operating system depends on ntldr and ntdetect version??

    =?Utf-8?B?ZGFrb3RhMDI=?=, Feb 20, 2007, in forum: Windows 64bit
    Replies:
    16
    Views:
    1,199
    Bjorn Landemoo
    Feb 26, 2007
  5. Have A Nice Cup of Tea

    Why Your Future Depends on Open Source

    Have A Nice Cup of Tea, May 14, 2006, in forum: NZ Computing
    Replies:
    10
    Views:
    577
    Waylon Kenning
    May 15, 2006
Loading...

Share This Page