IOS and destination NAT

Discussion in 'Cisco' started by Klaus Zerwes, Sep 15, 2006.

  1. Klaus Zerwes

    Klaus Zerwes Guest

    Hello.

    Here is a brief description of my problem:

    I am trying to do destination-NAT using a cisco-router running IOS
    12.2(15)T2

    Interfaces:
    Interface FastEthernet0/1: public IP / ip nat outside

    Interface FastEthernet0/0.1-0.X: public IPs / no nat

    Interface Tunnel0: private IP - connection to private ip-networks / ip
    nat inside

    At the moment the device is using NAT (SNAT) for the private IP-networks:
    ip nat inside source list NATList interface FastEthernet0/1 overload
    ip access-list extended NATList
    permit ip 10.0.0.0 0.0.0.255 any

    permit ip 10.0.1.0 0.0.0.255 any

    permit ip 192.168.2.0 0.0.0.255 any

    permit ip 192.168.5.0 0.0.0.255 any

    permit ip 172.8.0.0 0.0.0.255 any

    ...
    !

    In addition I like to configuer now a Destination-NAT
    for some IPs connected at the moment via Fa0/0.Y to be forwarded
    somewhere into the private IP-Space, lets say:
    all traffic targeting public.ip.dnat.1 has to be forwarded to
    192.168.2.11 and all traffic originating from 192.168.2.11 has to be
    NATed to public.ip.dnat.1.


    I tried a lot - but gave me no usable results (for my understanding I
    need something like 'ip nat outside destination static ....' but ... you
    know thats not there ;-)
    I can do something like portforwarding - but no complete redirection

    Maybe someone of you can help me untie the gordian knot in the head of a
    poor autodidact.

    Thank you
    Best regards
    Klaus
     
    Klaus Zerwes, Sep 15, 2006
    #1
    1. Advertisements

  2. Klaus Zerwes

    bthetford Guest

    bthetford, Sep 15, 2006
    #2
    1. Advertisements

  3. Klaus Zerwes

    Klaus Zerwes Guest

    Nope ;-)
    I did not wrote about DNS.
    I simply have problems setting up a DNAT.

    I tried something like:
    ip nat inside source static 192.168.2.11 public.ip.dnat.1
    ip nat outside source static public.ip.dnat.1 192.168.2.11
    and other curios stuff
     
    Klaus Zerwes, Sep 20, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.