Cisco NAT/PAT - based on dest. IP - questions

Discussion in 'Cisco' started by Sri, Dec 6, 2004.

  1. Sri

    Sri Guest

    Hi all
    I am a newbie to Cisco NAT/PAT configurations. Is the following
    doable? The question is related to configuring NAT/PAT on a Cisco
    router in the presence of a web proxy. This will allow transparent web
    proxy services.

    []-----[Proxy]----[Cisco Rtr]==WAN link==[Rtr2]----[PC]
       PI1      PI2  CI2        CI1                RS2  194.x.x.1

    PI1 - Internet interface of Proxy = 174.x.x.1
    PI2 - Local interface of Proxy = 172.17.72.x
    CI2 - Cisco Interface 1 = 172.17.72.y
    CI1 - WAN interface = 192.168.150.x
    RS2 - Remote Rtr2 LAN interface = 194.x.x.2
    Remote PC = 194.x.x.1

    Step 1:
    GET request from PC (after DNS exchanges):
    Source: 194.x.x.1:5000

    Step 2:
    Same Pkt at CI1
    Source: 194.x.x.1:5000

    Step 3:
    Same Pkt at CI2 (changed by Cisco - what we need)
    Source: 194.x.x.1:5000
    Dest: 172.17.72.x:8080 (remember:

    Step 4:
    Proxy gets the packet. Gets the page: and stores it in cache.
    a reply.
    Packet at CI2
    Source: 172.17.72.x:8080
    Dest: 194.x.x.1:5000

    Step 5:
    Packet at CI1 (changed by Cisco - what we need)
    Source: (remember: from Step 3)
    Dest: 194.x.x.1:5000

    Step 3 and Step 5 need Cisco router configurations for NAT/PAT etc.
    Is this doable in Cisco using NAT or PAT or a combination?

    Step 3 is needed because proxy is not in promiscuous mode and we want to
    avoid single point of failure.

    Step 5 is needed because PC has a TCP connection to and
    expects that in reply.

    We cannot configure web proxy addresses on the PC browsers or use WPAD
    or any other automatic proxy configurations like DHCP for many
    administrative and domain reasons.

    Please let me know
    Thank you
    Sri, Dec 6, 2004
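
The translation asked for in Steps 3 and 5, modelled as an added Python example (not part of the original post, and not Cisco configuration): it shows the per-flow state a device needs in order to restore the original server address on the reply. All concrete addresses are constructed stand-ins for the elided values in the post, and the original web server 203.0.113.80:80 is an assumption.

```python
from typing import NamedTuple, Optional, Tuple

Endpoint = Tuple[str, int]

class Packet(NamedTuple):
    src: Endpoint
    dst: Endpoint

# Constructed stand-ins: the post gives only 194.x.x.1 and 172.17.72.x.
CLIENT: Endpoint = ("194.0.0.1", 5000)     # remote PC, source port from Step 1
PROXY: Endpoint = ("172.17.72.10", 8080)   # PI2, proxy listener
SERVER: Endpoint = ("203.0.113.80", 80)    # assumed original web server

class RedirectTable:
    """Per-flow state for the Step 3 rewrite and its Step 5 reversal."""

    def __init__(self, proxy: Endpoint = PROXY, match_port: int = 80):
        self.proxy = proxy
        self.match_port = match_port
        self.flows = {}  # client (ip, port) -> original destination

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 3: packet seen at CI1, forwarded out CI2 toward the proxy."""
        if pkt.dst[1] != self.match_port:
            return pkt  # not web traffic: forward untouched
        known = self.flows.get(pkt.src)
        if known is not None and known != pkt.dst:
            # Same client ip:port already redirected for another server.
            # After the rewrite both flows would share one 4-tuple, so a
            # destination-only rewrite cannot carry this flow (the source
            # port would have to be translated as well). Drop it here.
            return None
        self.flows[pkt.src] = pkt.dst
        return pkt._replace(dst=self.proxy)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 5: proxy reply seen at CI2, forwarded out CI1 to the PC."""
        if pkt.src != self.proxy:
            return pkt
        original = self.flows.get(pkt.dst)
        if original is None:
            return None  # no state: the PC would reject a reply from the proxy
        return pkt._replace(src=original)

if __name__ == "__main__":
    table = RedirectTable()
    print(table.inbound(Packet(CLIENT, SERVER)))   # Step 3
    print(table.outbound(Packet(PROXY, CLIENT)))   # Step 5
```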
