[c-nsp] (simple?) NAT-question mapping multiple outside addresses to one inside address

Dennis Breithaupt mail at dennisbreithaupt.de
Fri Feb 8 03:01:21 EST 2008


Hello list,

I request your support with this NAT scenario, which I'm facing in a 
migration scenario from one IP range to another.

Scenario: On the "inside" we have a "node1". "node1" formerly had the 
IL-address "192.168.1.1". During a migration the node gets moved to a 
new location with a new IL-address "10.1.2.10".

I now want this node to be reachable over both IP addresses. So I 
set up a host route for the old IL "192.168.1.1" to point to the new IL 
"10.1.2.10" (or a gateway to the segment where the node resides...).

My first approach was to define a static mapping:

"ip nat inside source static 10.1.2.10 192.168.1.1"

But that solution is not feasible. When trying to reach the "old" IL 
"192.168.1.1" the translation is correct and the node is reachable, as 
it should: (1-to-1 mapping)

*Feb  8 08:55:55.223: NAT: s=10.1.1.10, d=192.168.1.1->10.1.2.10 [8]
*Feb  8 08:55:55.243: NAT*: s=10.1.2.10->192.168.1.1, d=10.1.1.10 [8]

When trying to reach the "new" IL "10.1.2.10" the outside-to-inside 
packet passes without NATting, but the inside-to-outside packet gets 
translated according to the static mapping. So the initiating host gets an 
answer packet from a different IP.

*Feb  8 08:58:30.271: NAT: s=10.1.2.10->192.168.1.1, d=10.1.1.10 [9]

-> What would be the correct instrument to just map multiple 
inside-global IPs to one inside-local for outside-to-inside conversations?

Thank you very much in advance, regards,
Dennis
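
Added example, not part of the original post: a Python check over NAT debug lines in the format shown above that flags replies whose source was rewritten although no destination rewrite was logged on the way in, which is the symptom described for the "new" address. It assumes the bracketed number pairs a request with its reply, as the two `[8]` lines do; the function names are hypothetical.

```python
import re

# Debug lines copied from the post (first two: old address, third: new address).
SAMPLE = [
    "*Feb  8 08:55:55.223: NAT: s=10.1.1.10, d=192.168.1.1->10.1.2.10 [8]",
    "*Feb  8 08:55:55.243: NAT*: s=10.1.2.10->192.168.1.1, d=10.1.1.10 [8]",
    "*Feb  8 08:58:30.271: NAT: s=10.1.2.10->192.168.1.1, d=10.1.1.10 [9]",
]

# "a->b" means the address was rewritten from a to b; a bare address was left alone.
LINE = re.compile(
    r"NAT\*?: s=(?P<s>[\d.]+)(?:->(?P<s2>[\d.]+))?, "
    r"d=(?P<d>[\d.]+)(?:->(?P<d2>[\d.]+))? \[(?P<id>\d+)\]"
)

def parse(line):
    """Turn one debug line into a dict, or None if it is not a NAT line."""
    m = LINE.search(line)
    if not m:
        return None
    return {"src": m["s"], "src_xlat": m["s2"],
            "dst": m["d"], "dst_xlat": m["d2"], "id": int(m["id"])}

def asymmetric_replies(lines):
    """Return source-rewritten packets that have no matching inbound rewrite.

    Assumption: request and reply carry the same bracketed number.
    """
    events = [e for e in map(parse, lines) if e]
    # Key: (id, inside local, inside global, outside host) seen outside-to-inside.
    inbound = {(e["id"], e["dst_xlat"], e["dst"], e["src"])
               for e in events if e["dst_xlat"]}
    findings = []
    for e in events:
        key = (e["id"], e["src"], e["src_xlat"], e["dst"])
        if e["src_xlat"] and key not in inbound:
            findings.append(e)  # initiator addressed e["src"], reply shows e["src_xlat"]
    return findings

if __name__ == "__main__":
    for e in asymmetric_replies(SAMPLE):
        print(f"[{e['id']}] {e['dst']} receives reply from {e['src_xlat']}, "
              f"real sender {e['src']}: no inbound translation logged")
```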


