IP NAT OUTSIDE DESTINATION

Discussion in 'Cisco' started by Everyman, Sep 22, 2004.

  1. Everyman

    Everyman Guest

    hello,

    I have a question.
    I need to translate the destination address of the IP packet, which is
    incoming form the ouside (NAT) interface (packet comes from the internet). I
    need two such translations, I mean from two different networks. Using other
    words, I have a server in the LAN (lets say WWW) (inside NAT) wich has to be
    reached from these two networks under two different global addresses, lets
    say 20.20.20.20 and 30.30.30.30. The server's IP address is 192.168.1.1.
    Static translations does not work, beceuase I can use it just one time (to
    one address), but I need two. I thought that there is a command IP NAT
    OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    understand something in this matter?

    Everyman,
    CCNA.
     
    Everyman, Sep 22, 2004
    #1
    1. Advertising

  2. Everyman

    mcaissie Guest

    "Everyman" <> wrote in message
    news:cisea7$s4n$...
    > hello,
    >
    > I have a question.
    > I need to translate the destination address of the IP packet, which is
    > incoming form the ouside (NAT) interface (packet comes from the internet).
    > I
    > need two such translations, I mean from two different networks. Using
    > other
    > words, I have a server in the LAN (lets say WWW) (inside NAT) wich has to
    > be
    > reached from these two networks under two different global addresses, lets
    > say 20.20.20.20 and 30.30.30.30. The server's IP address is 192.168.1.1.
    > Static translations does not work, beceuase I can use it just one time (to
    > one address), but I need two. I thought that there is a command IP NAT
    > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    > understand something in this matter?
    >
    > Everyman,
    > CCNA.
    >
    >


    NAT on the outside is possible on PIX since 6.2(2) i think, but anyway
    even if you mask
    the source address of the destination , you will still have the problem of
    not being able to
    mask your inside device with two different IP.

    I don't know what OS is running on your server , but if you could configure
    2 IP on your
    server interface , you could then make your two static in the firewall
     
    mcaissie, Sep 22, 2004
    #2
    1. Advertising

  3. Everyman

    Everyman Guest

    U¿ytkownik "mcaissie" <> napisa³ w wiadomo¶ci
    news:Tpj4d.123998$XP3.41098@edtnps84...
    >
    > "Everyman" <> wrote in message
    > news:cisea7$s4n$...
    > > hello,
    > >
    > > I have a question.
    > > I need to translate the destination address of the IP packet, which is
    > > incoming form the ouside (NAT) interface (packet comes from the

    internet).
    > > I
    > > need two such translations, I mean from two different networks. Using
    > > other
    > > words, I have a server in the LAN (lets say WWW) (inside NAT) wich has

    to
    > > be
    > > reached from these two networks under two different global addresses,

    lets
    > > say 20.20.20.20 and 30.30.30.30. The server's IP address is 192.168.1.1.
    > > Static translations does not work, beceuase I can use it just one time

    (to
    > > one address), but I need two. I thought that there is a command IP NAT
    > > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    > > understand something in this matter?
    > >
    > > Everyman,
    > > CCNA.
    > >
    > >

    >
    > NAT on the outside is possible on PIX since 6.2(2) i think, but anyway
    > even if you mask
    > the source address of the destination , you will still have the problem of
    > not being able to
    > mask your inside device with two different IP.
    >
    > I don't know what OS is running on your server , but if you could

    configure
    > 2 IP on your
    > server interface , you could then make your two static in the firewall
    >
    >



    I have no PIX, just Cisco Router with IOS.
    Serwer must have one ip address.

    Everyman.
     
    Everyman, Sep 22, 2004
    #3
  4. Everyman

    John Agosta Guest

    "mcaissie" <> wrote in message
    news:Tpj4d.123998$XP3.41098@edtnps84...
    >
    > "Everyman" <> wrote in message
    > news:cisea7$s4n$...
    > > hello,
    > >
    > > I have a question.
    > > I need to translate the destination address of the IP packet, which is
    > > incoming form the ouside (NAT) interface (packet comes from the

    internet).
    > > I
    > > need two such translations, I mean from two different networks. Using
    > > other
    > > words, I have a server in the LAN (lets say WWW) (inside NAT) wich has

    to
    > > be
    > > reached from these two networks under two different global addresses,

    lets
    > > say 20.20.20.20 and 30.30.30.30. The server's IP address is 192.168.1.1.
    > > Static translations does not work, beceuase I can use it just one time

    (to
    > > one address), but I need two. I thought that there is a command IP NAT
    > > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    > > understand something in this matter?
    > >
    > > Everyman,
    > > CCNA.
    > >
    > >

    >
    > NAT on the outside is possible on PIX since 6.2(2) i think, but anyway
    > even if you mask
    > the source address of the destination , you will still have the problem of
    > not being able to
    > mask your inside device with two different IP.
    >
    > I don't know what OS is running on your server , but if you could

    configure
    > 2 IP on your
    > server interface , you could then make your two static in the firewall
    >
    >



    The command is:
    ip nat outside source .....

    I am not sure if it will accomplish what you want to do,
    but you can read up on it at cisco.com
    simply search for the command. There's a PDF that explains it.....
     
    John Agosta, Sep 22, 2004
    #4
  5. Everyman

    Everyman Guest

    U¿ytkownik "John Agosta" <j_agosta@remove_wideopenwest.kom> napisa³ w
    wiadomo¶ci news:...
    >
    > "mcaissie" <> wrote in message
    > news:Tpj4d.123998$XP3.41098@edtnps84...
    > >
    > > "Everyman" <> wrote in message
    > > news:cisea7$s4n$...
    > > > hello,
    > > >
    > > > I have a question.
    > > > I need to translate the destination address of the IP packet, which is
    > > > incoming form the ouside (NAT) interface (packet comes from the

    > internet).
    > > > I
    > > > need two such translations, I mean from two different networks. Using
    > > > other
    > > > words, I have a server in the LAN (lets say WWW) (inside NAT) wich has

    > to
    > > > be
    > > > reached from these two networks under two different global addresses,

    > lets
    > > > say 20.20.20.20 and 30.30.30.30. The server's IP address is

    192.168.1.1.
    > > > Static translations does not work, beceuase I can use it just one time

    > (to
    > > > one address), but I need two. I thought that there is a command IP NAT
    > > > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    > > > understand something in this matter?
    > > >
    > > > Everyman,
    > > > CCNA.
    > > >
    > > >

    > >
    > > NAT on the outside is possible on PIX since 6.2(2) i think, but anyway
    > > even if you mask
    > > the source address of the destination , you will still have the problem

    of
    > > not being able to
    > > mask your inside device with two different IP.
    > >
    > > I don't know what OS is running on your server , but if you could

    > configure
    > > 2 IP on your
    > > server interface , you could then make your two static in the firewall
    > >
    > >

    >
    >
    > The command is:
    > ip nat outside source .....
    >
    > I am not sure if it will accomplish what you want to do,
    > but you can read up on it at cisco.com
    > simply search for the command. There's a PDF that explains it.....
    >


    OK,

    But, no sir :)
    Your command translates source address, but I need to change the destination
    one.

    :)
    If you find something for me, I will appreciate it

    Everyman.
     
    Everyman, Sep 22, 2004
    #5
  6. Everyman

    PES Guest

    "Everyman" <> wrote in message
    news:ciso6v$j5n$...
    >
    > U¿ytkownik "John Agosta" <j_agosta@remove_wideopenwest.kom> napisa³ w
    > wiadomo¶ci news:...
    >>
    >> "mcaissie" <> wrote in message
    >> news:Tpj4d.123998$XP3.41098@edtnps84...
    >> >
    >> > "Everyman" <> wrote in message
    >> > news:cisea7$s4n$...
    >> > > hello,
    >> > >
    >> > > I have a question.
    >> > > I need to translate the destination address of the IP packet, which
    >> > > is
    >> > > incoming form the ouside (NAT) interface (packet comes from the

    >> internet).
    >> > > I
    >> > > need two such translations, I mean from two different networks. Using
    >> > > other
    >> > > words, I have a server in the LAN (lets say WWW) (inside NAT) wich
    >> > > has

    >> to
    >> > > be
    >> > > reached from these two networks under two different global addresses,

    >> lets
    >> > > say 20.20.20.20 and 30.30.30.30. The server's IP address is

    > 192.168.1.1.
    >> > > Static translations does not work, beceuase I can use it just one
    >> > > time

    >> (to
    >> > > one address), but I need two. I thought that there is a command IP
    >> > > NAT
    >> > > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    >> > > understand something in this matter?
    >> > >
    >> > > Everyman,
    >> > > CCNA.
    >> > >
    >> > >
    >> >
    >> > NAT on the outside is possible on PIX since 6.2(2) i think, but
    >> > anyway
    >> > even if you mask
    >> > the source address of the destination , you will still have the problem

    > of
    >> > not being able to
    >> > mask your inside device with two different IP.
    >> >
    >> > I don't know what OS is running on your server , but if you could

    >> configure
    >> > 2 IP on your
    >> > server interface , you could then make your two static in the firewall
    >> >
    >> >

    >>
    >>
    >> The command is:
    >> ip nat outside source .....
    >>
    >> I am not sure if it will accomplish what you want to do,
    >> but you can read up on it at cisco.com
    >> simply search for the command. There's a PDF that explains it.....
    >>

    >
    > OK,
    >
    > But, no sir :)
    > Your command translates source address, but I need to change the
    > destination
    > one.
    >
    > :)
    > If you find something for me, I will appreciate it
    >
    > Everyman.


    Depends on your point of view. I could argue that ip nat inside source
    translates the source or destination. As the packets go out, it translates
    the source, as they come back it translates the destination. For any nat
    translation to work it must mirror itself in a bi-directional fashion.

    As for you configuration, you will have to have two addresses on the server
    and create a seperate ip nat inside source static for each global/local
    pair. You cannot static nat two globals to a single local address. It
    simply will not work. If the router would allow you to configure this, how
    would the return packets know which way to nat their source. I take that
    back, I guess it could based on the destination network. The only way that
    I could see this possible would be if you could use a route map in
    conjuction with a static. AFAIK, no current IOS will not do this. Maybe
    you could get really fancy with multiple loopbacks, policy routing and a
    variant of NAT on a Stick.
     
    PES, Sep 23, 2004
    #6
  7. Everyman

    Everyman Guest

    >> >> > > I have a question.
    > >> > > I need to translate the destination address of the IP packet, which
    > >> > > is
    > >> > > incoming form the ouside (NAT) interface (packet comes from the
    > >> internet).
    > >> > > I
    > >> > > need two such translations, I mean from two different networks.

    Using
    > >> > > other
    > >> > > words, I have a server in the LAN (lets say WWW) (inside NAT) wich
    > >> > > has
    > >> to
    > >> > > be
    > >> > > reached from these two networks under two different global

    addresses,
    > >> lets
    > >> > > say 20.20.20.20 and 30.30.30.30. The server's IP address is

    > > 192.168.1.1.
    > >> > > Static translations does not work, beceuase I can use it just one
    > >> > > time
    > >> (to
    > >> > > one address), but I need two. I thought that there is a command IP
    > >> > > NAT
    > >> > > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    > >> > > understand something in this matter?
    > >> > >
    > >> > > Everyman,
    > >> > > CCNA.
    > >> > >
    > >> > >
    > >> >
    > >> > NAT on the outside is possible on PIX since 6.2(2) i think, but
    > >> > anyway
    > >> > even if you mask
    > >> > the source address of the destination , you will still have the

    problem
    > > of
    > >> > not being able to
    > >> > mask your inside device with two different IP.
    > >> >
    > >> > I don't know what OS is running on your server , but if you could
    > >> configure
    > >> > 2 IP on your
    > >> > server interface , you could then make your two static in the

    firewall
    > >> >
    > >> >
    > >>
    > >>
    > >> The command is:
    > >> ip nat outside source .....
    > >>
    > >> I am not sure if it will accomplish what you want to do,
    > >> but you can read up on it at cisco.com
    > >> simply search for the command. There's a PDF that explains it.....
    > >>

    > >
    > > OK,
    > >
    > > But, no sir :)
    > > Your command translates source address, but I need to change the
    > > destination
    > > one.
    > >
    > > :)
    > > If you find something for me, I will appreciate it
    > >
    > > Everyman.

    >
    > Depends on your point of view. I could argue that ip nat inside source
    > translates the source or destination. As the packets go out, it

    translates
    > the source, as they come back it translates the destination. For any nat
    > translation to work it must mirror itself in a bi-directional fashion.
    >
    > As for you configuration, you will have to have two addresses on the

    server
    > and create a seperate ip nat inside source static for each global/local
    > pair. You cannot static nat two globals to a single local address. It
    > simply will not work. If the router would allow you to configure this,

    how
    > would the return packets know which way to nat their source. I take that
    > back, I guess it could based on the destination network. The only way

    that
    > I could see this possible would be if you could use a route map in
    > conjuction with a static. AFAIK, no current IOS will not do this. Maybe
    > you could get really fancy with multiple loopbacks, policy routing and a
    > variant of NAT on a Stick.
    >
    >


    YES,

    thats what I expected. There is no such a feature in present IOS's.

    And only one manner to do this (I guess) is through the use of multiple
    loopbacks, policy routing and NAT (I hope it does work).
    But right now I have no idea how to configure it.
    If you have any smart idea, please write to me.


    Everyman.
    CCNA
     
    Everyman, Sep 23, 2004
    #7
  8. Everyman

    PES Guest

    "Everyman" <> wrote in message
    news:civ6ji$or6$...
    >>> >> > > I have a question.
    >> >> > > I need to translate the destination address of the IP packet,
    >> >> > > which
    >> >> > > is
    >> >> > > incoming form the ouside (NAT) interface (packet comes from the
    >> >> internet).
    >> >> > > I
    >> >> > > need two such translations, I mean from two different networks.

    > Using
    >> >> > > other
    >> >> > > words, I have a server in the LAN (lets say WWW) (inside NAT) wich
    >> >> > > has
    >> >> to
    >> >> > > be
    >> >> > > reached from these two networks under two different global

    > addresses,
    >> >> lets
    >> >> > > say 20.20.20.20 and 30.30.30.30. The server's IP address is
    >> > 192.168.1.1.
    >> >> > > Static translations does not work, beceuase I can use it just one
    >> >> > > time
    >> >> (to
    >> >> > > one address), but I need two. I thought that there is a command IP
    >> >> > > NAT
    >> >> > > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I
    >> >> > > dont
    >> >> > > understand something in this matter?
    >> >> > >
    >> >> > > Everyman,
    >> >> > > CCNA.
    >> >> > >
    >> >> > >
    >> >> >
    >> >> > NAT on the outside is possible on PIX since 6.2(2) i think, but
    >> >> > anyway
    >> >> > even if you mask
    >> >> > the source address of the destination , you will still have the

    > problem
    >> > of
    >> >> > not being able to
    >> >> > mask your inside device with two different IP.
    >> >> >
    >> >> > I don't know what OS is running on your server , but if you could
    >> >> configure
    >> >> > 2 IP on your
    >> >> > server interface , you could then make your two static in the

    > firewall
    >> >> >
    >> >> >
    >> >>
    >> >>
    >> >> The command is:
    >> >> ip nat outside source .....
    >> >>
    >> >> I am not sure if it will accomplish what you want to do,
    >> >> but you can read up on it at cisco.com
    >> >> simply search for the command. There's a PDF that explains it.....
    >> >>
    >> >
    >> > OK,
    >> >
    >> > But, no sir :)
    >> > Your command translates source address, but I need to change the
    >> > destination
    >> > one.
    >> >
    >> > :)
    >> > If you find something for me, I will appreciate it
    >> >
    >> > Everyman.

    >>
    >> Depends on your point of view. I could argue that ip nat inside source
    >> translates the source or destination. As the packets go out, it

    > translates
    >> the source, as they come back it translates the destination. For any nat
    >> translation to work it must mirror itself in a bi-directional fashion.
    >>
    >> As for you configuration, you will have to have two addresses on the

    > server
    >> and create a seperate ip nat inside source static for each global/local
    >> pair. You cannot static nat two globals to a single local address. It
    >> simply will not work. If the router would allow you to configure this,

    > how
    >> would the return packets know which way to nat their source. I take that
    >> back, I guess it could based on the destination network. The only way

    > that
    >> I could see this possible would be if you could use a route map in
    >> conjuction with a static. AFAIK, no current IOS will not do this. Maybe
    >> you could get really fancy with multiple loopbacks, policy routing and a
    >> variant of NAT on a Stick.
    >>
    >>

    >
    > YES,
    >
    > thats what I expected. There is no such a feature in present IOS's.
    >
    > And only one manner to do this (I guess) is through the use of multiple
    > loopbacks, policy routing and NAT (I hope it does work).
    > But right now I have no idea how to configure it.
    > If you have any smart idea, please write to me.
    >
    >
    > Everyman.
    > CCNA
    >
    >


    I don't have any real good direction I can give you on this. I would look
    at some examples of using policy based routing with route-maps, route-maps
    with nat and look at the following article explaining nat on a stick.

    http://www.cisco.com/warp/public/556/nat-on-stick.html

    You may be able to merge those technologies into something that would be
    able to do what you ask. It will definitely be a kludge. It would also
    concern me any time I had to upgrade the IOS thereafter.
     
    PES, Sep 23, 2004
    #8
  9. Everyman

    Ziomal Guest

    "Everyman" <> wrote in message news:<cisea7$s4n$>...
    > hello,
    >
    > I have a question.
    > I need to translate the destination address of the IP packet, which is
    > incoming form the ouside (NAT) interface (packet comes from the internet). I
    > need two such translations, I mean from two different networks. Using other
    > words, I have a server in the LAN (lets say WWW) (inside NAT) wich has to be
    > reached from these two networks under two different global addresses, lets
    > say 20.20.20.20 and 30.30.30.30. The server's IP address is 192.168.1.1.
    > Static translations does not work, beceuase I can use it just one time (to
    > one address), but I need two. I thought that there is a command IP NAT
    > OUTSIDE DESTINATION, but there isnt. Have anyone any idea or I dont
    > understand something in this matter?
    >
    > Everyman,
    > CCNA.


    Hello

    Have you ever tried this commnad?

    NAT(config)#ip nat inside source static tcp 192.168.1.1 80 1.1.1.1 80 extendable

    where 192.168.1.1 is your like you say WWW server
    80 http port
    and 1.1.1.1 your ip nat outside interface

    Regards,
    Maciek
     
    Ziomal, Sep 23, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dave
    Replies:
    0
    Views:
    1,666
  2. Lalo
    Replies:
    1
    Views:
    752
    Walter Roberson
    Apr 20, 2005
  3. Replies:
    1
    Views:
    642
  4. Replies:
    1
    Views:
    5,765
    mcaissie
    Aug 31, 2006
  5. Jack
    Replies:
    0
    Views:
    724
Loading...

Share This Page