Cisco Systems Selective source-NAT from Internet to internal host

Posted by Mark on August 5, 2008, 10:08 am

Hi,

(Apologies in advance if my terminology here isn't "Cisco-ised" - am
relatively new to IOS...)

I have a Cisco 1605R which has a single public (Internet facing) IP address.

I've configured IP NAT rules such that a connection from the Internet to
the router on 25/tcp is NAT'd to one private (internal) IP address (mail
server), and a connection to 22/tcp is NAT'd to a different private IP
address (SSH server). In other words, the destination address of the
connection is translated from the public address of the router to the
appropriate private address of the destination host - based upon the
destination TCP port.

At the moment, the source addresses of the Internet hosts initiating
these connections are not translated (i.e. no source-NAT occurs) - so my
mail relay and SSH server both see the original IP addresses of the
Internet hosts making these connections - however, I'd like to
selectively perform source-NAT on (just) one of these 2 TCP connections
- so connections to 25/tcp continue to pass through with the original
source address, however connections to 22/tcp have their source address
translated to a private address.

Is this possible? (Excerpt from my IOS config attached below)

Thanks,

Mark

Excerpt from my current configuration - IP addresses obfuscated:

ip nat pool my-address-pool 123.123.123.123 123.123.123.123 netmask 255.255.255.252
ip nat inside source list 1 pool my-address-pool overload

ip nat inside source static tcp 10.1.1.1 25 123.123.123.123 25 extendable
ip nat inside source static tcp 10.1.1.2 22 123.123.123.123 22 extendable

access-list 1 permit 10.1.1.0 0.0.0.255
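As an added illustration, not from the post and not IOS code, here is a small Python model of the translation Mark describes: static destination PAT on 25/tcp and 22/tcp, with source NAT applied only to the SSH flow. The SNAT address 10.1.1.254 and the client addresses are assumptions. The model also records the pre-translation source, because once the SSH flow is source-NATed the SSH server's own logs no longer identify the Internet client and the router's translation log becomes the only record.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed model of the two NAT stages discussed in the post. Addresses
# are the obfuscated ones from the excerpt; the private SNAT address
# 10.1.1.254 is an assumption and is not part of the original config.
PUBLIC_IP = "123.123.123.123"
INSIDE_NET = ip_network("10.1.1.0/24")          # access-list 1
# Static destination PAT: public port -> (inside host, inside port)
STATIC_DNAT = {25: ("10.1.1.1", 25), 22: ("10.1.1.2", 22)}
# Public ports whose *source* should also be rewritten (the selective SNAT)
SNAT_PORTS = {22}
SNAT_ADDR = "10.1.1.254"


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


def translate_inbound(flow: Flow, log: List[str]) -> Optional[Flow]:
    """Apply inbound translations in the order this model assumes:
    1. static destination PAT keyed on the public port
    2. optional source NAT keyed on that same port
    Returns None when no static mapping exists (nothing is forwarded).
    The log keeps the pre-translation source so the real client address
    survives even when the inside server only ever sees SNAT_ADDR."""
    if flow.dst != PUBLIC_IP or flow.dport not in STATIC_DNAT:
        return None
    inside_host, inside_port = STATIC_DNAT[flow.dport]
    out = replace(flow, dst=inside_host, dport=inside_port)
    if flow.dport in SNAT_PORTS:
        out = replace(out, src=SNAT_ADDR)
    log.append(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} "
               f"translated to {out.src}:{out.sport} -> {out.dst}:{out.dport}")
    return out


def server_sees_real_client(flow: Flow) -> bool:
    """True when the inside server still sees the Internet host's address."""
    out = translate_inbound(flow, [])
    return out is not None and ip_address(out.src) not in INSIDE_NET
```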
