As traffic comes in over my T1 into a cisco 1700 series, I'm NATing the outside source based on the inside destination. In other words if joe internet is trying to get to my server at x.y.z.5, the cisco will NAT joe internet's IP so the rest of my inside network thinks he came from 5.a.b.c.
And it's working, but... in an understandable attempt at efficiency, the existence of a NAT entry for the source IP apparently trumps any access-list processing in the cisco. Even though it was a *destination-based* decision to create the entry in the first place, now joe internet is no longer going to that destination but the entry is still being used anyway.
Unfortunately, x.y.z.5 exists on the same server as x.y.z.6, and this server has been told that if a request comes from 5.a.b.c, it is to send the response out through host x.y.z.5. Otherwise, replies via x.y.z.6.
The "problem" presents itself when joe internet requests x.y.z.5 *before* he requests x.y.z.6. On the first request for .5 he gets NATed and receives a response from .5 and all is well. Then if he subsequently requests .6, he gets nothing, because the NAT entry still exists, he gets NATed, and the responding server says "oh, this guy came from 5.a.b.c" and dutifully replies to his .6 request via the .5 host.
I know I can fix this by simply running the .5 and .6 hosts on separate machines - but that would be giving up! Plus I would have to buy/build/license a separate machine for something that gets like 100 hits a month.
Is there any way to tell the cisco that a request for .5 gets source NATed but absolutely, positively, NO other requests get NATed? Is there a way to tell the cisco to check the access-list with *every* request even if it's not the most efficient thing to do? I'm not dealing with a lot of traffic here.
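For anyone trying to reproduce the behaviour described in the post, here is a minimal IOS configuration of the setup as I read it. This is an added reconstruction, not the poster's actual config: the interface names, the pool and ACL numbers, and the addresses are all assumptions (RFC 5737 documentation ranges stand in for the anonymised ones: 203.0.113.5 plays x.y.z.5, 203.0.113.6 plays x.y.z.6, and 192.0.2.200 plays the translated source 5.a.b.c).

```cisco
! Assumed interface names; the T1 is the NAT outside side, the LAN the inside.
interface Serial0/0
 ip nat outside
!
interface FastEthernet0/0
 ip nat inside
!
! Extended ACL 101 matches only traffic destined for the .5 host (assumed number).
! The ACL is evaluated against the packet that *creates* the translation.
access-list 101 permit ip any host 203.0.113.5
!
! One-address pool holding the substitute source address (stands in for 5.a.b.c).
ip nat pool JOE-SRC 192.0.2.200 192.0.2.200 netmask 255.255.255.0
!
! Translate the *outside* source address of packets that pass ACL 101.
! add-route installs a host route so replies to 192.0.2.200 go back out the T1.
ip nat outside source list 101 pool JOE-SRC add-route
!
! Shortening the idle timeout (seconds) makes the stale entry disappear sooner,
! but does not stop it being reused while it exists.
ip nat translation timeout 300
```

To see the mechanism the post complains about, send one request to 203.0.113.5 from an outside host and then run `show ip nat translations`. The entry that appears for that host has no protocol or port columns (a "simple" address-only translation), so the router matches it on the outside source address alone; a following request from the same host to 203.0.113.6 hits that entry before ACL 101 is ever consulted, which is exactly the reuse described above. `clear ip nat translation *` removes the entry and lets the next packet go through ACL evaluation again, which is a useful way to confirm the diagnosis during testing, but obviously not a fix.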