Pix Outside NAT

Discussion in 'Cisco' started by bitored2002@yahoo.com.au, Sep 20, 2005.

  1. Guest

    Hi,

    I have a PIX that connects to 2 internet links. I want to split
    different types of traffic across the 2 links in each direction. Therefore
    BGP can take care of the inbound path for traffic on the routers. So
    for example I want inbound HTTP traffic on link 1 and email on link 2.
    The problem is because of my default route the outbound email always
    follows path 1.

    I have been thinking of putting the 2nd link on a separate interface on
    the PIX (currently both are reachable via the outside interface). Then I
    could NAT the source public IP address on the 2nd link (inbound
    direction) so that when my inside host replies it will reply to the NAT
    address and follow the path out the 2nd internet link (via the new
    interface on the PIX).

    My question is when the NAT function NATs back to the real public IP
    will the PIX then do a route lookup and try to send it out via the
    default gateway, i.e. the outside interface, and thus still give me the
    same result, or will it route before NAT and then simply forward the
    packet out my new interface as I would hope. I am unsure of when
    exactly the routing happens with NAT.

    Thank you for any comments.
     
    , Sep 20, 2005
    #1

  2. Cen Guest

    NAT order of operation generally is as follows:
    From inside to outside, route first then NAT.
    From outside to inside, NAT first then route.


     
    Cen, Sep 20, 2005
    #2

  3. MC Guest

    On the topic of NAT, I think I am having a brain fart but cannot think what
    I need to do for a NAT configuration I need.

    I have a router at a remote site; both sides are using overlapping IP
    addressing in a private range.
    I do not want a dynamic NAT configuration using DNS on the router but want
    to statically define all NAT addresses on each side. Also I want to hide any
    traffic not having a static resource defined from the source direction to
    overload behind a single NAT.
    One side configured inside and one side configured outside.
    I can get the inside to outside traffic to overload behind a single IP but
    going from outside to inside can not get to hide behind a single IP, had to
    use a pool of IPs but really want to have that traffic behind a single IP
    also.
    Is this possible? I thought I had done it before but cannot remember how if
    so. Also, would NAT work from an inside to an inside interface?

    Thanks,
    MC
     
    MC, Sep 20, 2005
    #3
  4. Guest

    Thanks Cen,

    Does that mean if I have an outside int and a DMZ int both connecting
    to the internet I can force some return traffic back out the DMZ
    interface by NATing? So that when the return traffic goes from in to
    DMZ it will route to the NATted IPs (i.e. a pool of addresses from the
    DMZ subnet) and then NAT and forward out the DMZ int? I just want to
    ensure that after NATing it doesn't do another route lookup and
    forward out the outside int (i.e. following the default route).

    Thanks.



     
    , Sep 21, 2005
    #4
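
    The scenario from post #4, traced under the order of operations Cen gives in post #2. This is an added example that is not part of the thread: a small Python model, not PIX code and not a measurement of PIX behaviour. The addresses are constructed from documentation ranges and the names `route`, `inbound` and `reply` are hypothetical. Only the source translation on the second link is modelled.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
ROUTES = [                         # (prefix, egress interface)
    ("0.0.0.0/0", "outside"),      # default route via link 1
    ("198.51.100.0/24", "dmz"),    # connected subnet on link 2
    ("10.0.0.0/24", "inside"),
]
# Outside NAT on the dmz interface: real Internet source -> DMZ pool address.
POOL_FOR_REAL = {"203.0.113.50": "198.51.100.10"}
REAL_FOR_POOL = {pool: real for real, pool in POOL_FOR_REAL.items()}


def route(dst):
    """Longest-prefix match on the destination; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in ROUTES]
    matches = [(net, ifc) for net, ifc in nets if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def inbound(pkt):
    """Outside/DMZ to inside: NAT first, then route."""
    pkt = dict(pkt, src=POOL_FOR_REAL.get(pkt["src"], pkt["src"]))
    return pkt, route(pkt["dst"])


def reply(pkt, route_first=True):
    """Inside towards the Internet. route_first=True is the order Cen states:
    look up the pool address the inside host replied to, then restore the
    real destination. route_first=False is the order post #1 worries about."""
    real_dst = REAL_FOR_POOL.get(pkt["dst"], pkt["dst"])
    egress = route(pkt["dst"]) if route_first else route(real_dst)
    return dict(pkt, dst=real_dst), egress


if __name__ == "__main__":
    mail_in = {"src": "203.0.113.50", "dst": "10.0.0.25"}
    seen_inside, _ = inbound(mail_in)
    answer = {"src": seen_inside["dst"], "dst": seen_inside["src"]}
    print("route then NAT:", reply(answer))
    print("NAT then route:", reply(answer, route_first=False))
```

    Under the stated order the reply leaves on the DMZ interface because the lookup is done on the pool address; in the reverse order the same packet would follow the default route.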