Selective source-NAT from Internet to internal host

Discussion in 'Cisco' started by Mark, Aug 5, 2008.

  1. Mark

    Mark Guest

    Hi,

    (Apologies in advance if my terminology here isn't "Cisco-ised" - am
    relatively new to IOS...)

    I have a Cisco 1605R which has a single public (Internet facing) IP address.

    I've configured IP NAT rules such that a connection from the Internet to
    the router on 25/tcp is NAT'd to one private (internal) IP address (mail
    server), and a connection to 22/tcp is NAT'd to a different private IP
    address (SSH server). In other words, the destination address of the
    connection is translated from the public address of the router to the
    appropriate private address of the destination host - based upon the
    destination TCP port.

    At the moment, the source addresses of the Internet hosts initiating
    these connections are not translated (i.e. no source-NAT occurs) - so my
    mail relay and SSH server both see the original IP addresses of the
    Internet hosts making these connections - however, I'd like to
    selectively perform source-NAT on (just) one of these 2 TCP connections
    - so connections to 25/tcp continue to pass through with the original
    source address, however connections to 22/tcp have their source address
    translated to a private address.

    Is this possible? (Excerpt from my IOS config attached below)

    Thanks,

    Mark

    Excerpt from my current configuration - IP addresses obfuscated:

    ip nat pool my-address-pool 123.123.123.123 123.123.123.123 netmask 255.255.255.252
    ip nat inside source list 1 pool my-address-pool overload

    ip nat inside source static tcp 10.1.1.1 25 123.123.123.123 25 extendable
    ip nat inside source static tcp 10.1.1.2 22 123.123.123.123 22 extendable

    access-list 1 permit 10.1.1.0 0.0.0.255
     
    Mark, Aug 5, 2008