(Apologies in advance if my terminology here isn't "Cisco-ised" - am relatively new to IOS...)
I have a Cisco 1605R which has a single public (Internet facing) IP address.
I've configured IP NAT rules such that a connection from the Internet to the router on 25/tcp is NAT'd to one private (internal) IP address (mail server), and a connection to 22/tcp is NAT'd to a different private IP address (SSH server). In other words, the destination address of the connection is translated from the public address of the router to the appropriate private address of the destination host - based upon the destination TCP port.
At the moment, the source addresses of the Internet hosts initiating these connections are not translated (i.e. no source-NAT occurs) - so my mail relay and SSH server both see the original IP addresses of the Internet hosts making these connections - however, I'd like to selectively perform source-NAT on (just) one of these 2 TCP connections - so connections to 25/tcp continue to pass through with the original source address, while connections to 22/tcp have their source address translated to a private address.
Is this possible? (Excerpt from my IOS config attached below)
Excerpt from my current configuration - IP addresses obfuscated:
ip nat pool my-address-pool 188.8.131.52 184.108.40.206 netmask 255.255.255.252
ip nat inside source list 1 pool my-address-pool overload
ip nat inside source static tcp 10.1.1.1 25 220.127.116.11 25 extendable
ip nat inside source static tcp 10.1.1.2 22 18.104.22.168 22 extendable
access-list 1 permit 10.1.1.0 0.0.0.255
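As an added illustration (not part of the post, and not IOS configuration), the model below parses the two static NAT lines from the excerpt and shows what each internal server would see if destination NAT stayed as-is and source NAT were applied only to the 22/tcp flow; the translated source address 10.1.1.254 and the Internet source 203.0.113.9 are constructed assumptions.

```python
import re
from typing import NamedTuple, Optional

# Static NAT lines copied from the post's excerpt (obfuscated public addresses).
CONFIG = """
ip nat inside source static tcp 10.1.1.1 25 220.127.116.11 25 extendable
ip nat inside source static tcp 10.1.1.2 22 18.104.22.168 22 extendable
"""

# Constructed assumption: private address substituted as the source on 22/tcp only.
SNAT_ADDR = "10.1.1.254"
SNAT_PORTS = {22}  # destination ports whose flows also get source NAT

STATIC_RE = re.compile(r"ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)")


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


def parse_static_nat(config: str) -> dict:
    """Build (public ip, public port) -> (inside ip, inside port) from static entries."""
    table = {}
    for m in STATIC_RE.finditer(config):
        inside_ip, inside_port, global_ip, global_port = m.groups()
        table[(global_ip, int(global_port))] = (inside_ip, int(inside_port))
    return table


def translate_inbound(pkt: Packet, table: dict,
                      snat_ports=SNAT_PORTS, snat_addr=SNAT_ADDR) -> Optional[Packet]:
    """Rewrite the destination per the static table; rewrite the source only for
    flows whose public destination port is in snat_ports. No entry -> None
    (the packet is not forwarded to an inside host)."""
    entry = table.get((pkt.dst, pkt.dport))
    if entry is None:
        return None
    inside_ip, inside_port = entry
    src = snat_addr if pkt.dport in snat_ports else pkt.src
    return Packet(src, pkt.sport, inside_ip, inside_port)
```

The 22/tcp server therefore logs only 10.1.1.254 for every remote client, so any source attribution for SSH sessions has to come from the router's NAT translation records rather than from the server itself.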