I've heard that some firewalls / NAT routers are capable of carrying out port translation based on source address.
Example:
- The public address of my border firewall is 50.60.70.80
- I want to configure a NAT/PAT to forward port 22 from the public source address 30.30.30.80 to my inside device 192.168.5.1, and requests from all other public source addresses to be handled by the router itself (i.e. not NATted).
Apparently this is possible on Microsoft ISA & OpenBSD, but as far as I know Cisco can't do it. For example, in Cisco you would just type:
    ip nat inside source static tcp 192.168.5.1 22 interface 22
and that would NAT ALL traffic directed at port 22 of its public IP address to the inside device 192.168.5.1, i.e. you can't differentiate based on source address.
If anyone can write on their experience with this on Cisco, ISA, Checkpoint, OpenBSD or anything else that would be great.
Regards,
KC
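
The scenario in the question, written as an OpenBSD pf.conf fragment; this is an added example, not part of the original post. It assumes the `rdr-to` syntax of OpenBSD 4.7 and later, and the interface name `em0` is a placeholder.

```pf
# /etc/pf.conf fragment (added example; em0 is an assumed interface name)
ext_if      = "em0"            # outside interface (assumption)
ext_ip      = "50.60.70.80"    # public address of the border firewall
trusted_src = "30.30.30.80"    # the one source that gets forwarded
inside_host = "192.168.5.1"    # inside device

set skip on lo
block in log on $ext_if        # default deny inbound on the outside
pass out                       # lets the redirected packet leave toward the LAN

# SSH from the trusted source only: rewrite the destination to the inside host.
# "quick" stops rule evaluation so no later rule can override this decision.
pass in quick on $ext_if inet proto tcp \
    from $trusted_src to $ext_ip port 22 \
    rdr-to $inside_host port 22

# SSH from any other source is not translated and reaches the firewall's own sshd.
pass in quick on $ext_if inet proto tcp \
    from ! $trusted_src to $ext_ip port 22

# Forwarding must be enabled for the redirect to work:
#   sysctl net.inet.ip.forwarding=1
```

Check the result with `pfctl -nf /etc/pf.conf` before loading, and with `pfctl -ss` to confirm that states from 30.30.30.80 show the translated destination while other sources do not.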