Source and destination NAT

From: Steven Godfrey (steven.godfrey@intechnology.co.uk)
Date: Wed Jun 06 2001 - 09:53:40 EDT


Hi,
I have a problem trying to translate both the source and destination address
for a connection.

I'm using a 3620 to do the NAT to allow one connection from a specific
internet address to a private network on the other side of the 3620. The
problem I have is that the PC's on the other side (Private) have a different
default to the 3620 that is doing NAT.

ip nat inside source static 42.20.0.19 64.2.2.2

#sh ip nat translations
Pro Inside global Inside local Outside local
Outside global
--- 64.2.2.2 42.20.0.19 --- ---

Using the above config the translation works fine if the 42.20.0.19 box has
a specific route to 64.2.2.2. The problem is that the boxes in the private
space have very strict polices regarding routing. Adding a specific static
is not an option.

What I want to achieve is translate the destination address 64.2.2.2 to
42.20.0.19, I then want to translate the source address say 193.0.0.1 to
42.20.0.7. I'm hoping this will work as follows:

193.0.0.1 connect to 64.2.2.2

3620 translates 64.2.2.2 to 42.20.0.19

This works ok but the source is still 193.0.0.1

I was hoping to use the config
ip nat outside source static 193.0.0.1 42.20.0.7

To translate 193.0.0.1 to 42.20.0.7

The packet would then arrive on the private network with the destination of
42.20.0.19 and source 42.20.0.7. The 3620 would deal with the arp and
reverse translations.

#sh ip nat translations
Pro Inside global Inside local Outside local
Outside global
--- 64.2.2.2 42.20.0.19 --- ---
--- --- --- 42.20.0.7
193.0.0.1

I cannot get this to work, is it possible to do source and destination NAT
on the same router?

Thanks in advance,

Steve



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:40 EDT