[nsp] Cisco NAT quandary

Ed Ravin eravin at panix.com
Thu May 1 23:59:27 EDT 2003


We have a customer who upgraded from an sDSL line with a Netopia
router to a T1 line with a Cisco 1720.  The old setup had one
outside IP address, and incoming FTP, SMTP, and WWW were NAT'd to
3 different hosts on the inside, which all had 192.168.x.x addresses.

When we installed the T1 and the Cisco, we set up something similar
with the "ip nat inside source static ..." commands.  But there
was one requirement we didn't know about.  The customer had been,
up until now, using FTP, SMTP, and WWW inside their network by
referring to the single outside IP address.  That is, from the 192.168.x.x
hosts, they would ftp, send mail, or surf to "outside.customer.com" and
the Netopia would perform the NAT and route the traffic to the appropriate
host.  Catch is, I don't see how to do anything like that with Cisco's concepts
of "inside" and "outside" interfaces - I can do it on traffic passing
from outside to inside, but not to traffic that is starting on inside
and needs to be re-routed back to inside.

Is there any way to have two different classes of NAT, or are there
any features in IOS other than NAT for remapping ports from one IP
address to another like this?  I can think of a few ways to solve
this if the customer is willing to use separate host names on their
inside network, but I'd much prefer to give them what they want if
there's any reasonable way of doing it.

