Selective source-NAT from Internet to internal host


(Apologies in advance if my terminology here isn't "Cisco-ised" - am relatively new to IOS...)

I have a Cisco 1605R which has a single public (Internet facing) IP address.

I've configured IP NAT rules such that a connection from the Internet to the router on 25/tcp is NAT'd to one private (internal) IP address (mail server), and a connection to 22/tcp is NAT'd to a different private IP address (SSH server). In other words, the destination address of the connection is translated from the public address of the router to the appropriate private address of the destination host - based upon the destination TCP port.

At the moment, the source addresses of the Internet hosts initiating these connections are not translated (i.e. no source-NAT occurs) - so my mail relay and SSH server both see the original IP addresses of the Internet hosts making these connections. However, I'd like to selectively perform source-NAT on (just) one of these 2 TCP connections - so connections to 25/tcp continue to pass through with the original source address, while connections to 22/tcp have their source address translated to a private address.

Is this possible? (Excerpt from my IOS config attached below)



Excerpt from my current configuration - IP addresses obfuscated:

ip nat pool my-address-pool netmask
ip nat inside source list 1 pool my-address-pool overload

ip nat inside source static tcp 25 25 extendable
ip nat inside source static tcp 22 22 extendable

access-list 1 permit
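One way to get the behaviour asked about, given as an added example rather than anything from the original post: keep the two static port-forwards and the outbound PAT as they are, and add an `ip nat outside source list` translation whose extended ACL matches only Internet traffic to the public address on 22/tcp. Packets to 25/tcp do not match that ACL, so their source address is left alone. Every address, interface name, ACL number and pool name below is an assumed placeholder (RFC 5737 / RFC 1918 ranges), and the note that the ACL is evaluated against the packet as it arrives (destination still the public address, before the inside static translation is undone) is an assumption to confirm on the IOS release the 1605R is running.

```cisco
! Added example (not the original poster's configuration). Assumed addresses:
!   203.0.113.10        router's public address (inside global)
!   192.168.1.25        mail server (inside local)
!   192.168.1.22        SSH server (inside local)
!   192.168.99.1-30     private addresses Internet SSH clients are rewritten to
!   Ethernet0 / Serial0 assumed inside / outside interfaces
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.10 255.255.255.252
 ip nat outside
!
! Unchanged behaviour: 25/tcp and 22/tcp forwarded to two different inside hosts
ip nat inside source static tcp 192.168.1.25 25 203.0.113.10 25 extendable
ip nat inside source static tcp 192.168.1.22 22 203.0.113.10 22 extendable
!
! Unchanged behaviour: outbound PAT for the LAN
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool my-address-pool 203.0.113.10 203.0.113.10 netmask 255.255.255.252
ip nat inside source list 1 pool my-address-pool overload
!
! New: rewrite the SOURCE of Internet connections to 22/tcp only.
! ACL 101 is assumed to be matched against the packet as it arrives on the
! outside interface, i.e. with the public address still as destination, so
! only SSH traffic qualifies; 25/tcp never matches and keeps its real source.
! The pool lives in a subnet that is not on the LAN, so the SSH server simply
! routes replies to its default gateway; add-route makes the router install
! host routes for the translated (outside local) addresses back towards Serial0.
! No overload: each concurrent Internet SSH client consumes one pool address.
access-list 101 permit tcp any host 203.0.113.10 eq 22
ip nat pool ssh-src-pool 192.168.99.1 192.168.99.30 netmask 255.255.255.0
ip nat outside source list 101 pool ssh-src-pool add-route
```

Two things to check after applying it. First, `show ip nat translations` while an SSH session is open should show both an inside entry (192.168.1.22:22 to 203.0.113.10:22) and an outside entry (the client's real address to a 192.168.99.x address); if only the inside entry appears, ACL 101 is not matching what the router actually sees and the destination in it needs adjusting. Second, once this is in place the SSH server's own logs only ever record 192.168.99.x, so the router becomes the sole record of which Internet host connected; `ip nat log translations syslog` (or at least retaining `show ip nat translations` output during an investigation) is worth enabling so that mapping is not lost when the translation times out.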
