[c-nsp] RES: (simple?) NAT-question mapping multiple outside addresses to one inside address

Leonardo Gama Souza leonardo.souza at nec.com.br
Fri Feb 8 16:46:17 EST 2008 

What if you invert the picture?

"ip nat inside source static 192.168.1.1 10.1.2.10 "

And

server - outside - router - inside - source_network ?


Traffic from server to the network won't be nat'ted and the return
traffic will be directed to 10.1.2.10, thus won't match the nat rule.

cheers,
Leonardo.


-----Mensagem original-----
De: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] Em nome de Dennis Breithaupt
Enviada em: sexta-feira, 8 de fevereiro de 2008 05:01
Para: cisco-nsp at puck.nether.net
Assunto: [c-nsp] (simple?) NAT-question mapping multiple outside
addresses to one inside address

Hello list,

I request your support with this NAT-szenario, which I'm facing in a 
migration szenario from one IP-range to another.

Szenario: On the "inside" we have a "node1". "node1" formerly had the 
IL-address "192.168.1.1". During a migration the node gets moved to a 
new location with a new IL-address "10.1.2.10".

I now want this node to be reachable over both the ip-addresses. So I 
set up a hostroute for the old IL "192.168.1.1" to point to the new IL 
"10.1.2.10". (or a gateway to the segment, where the node resides...)

My first approach was to define a static mapping:

"ip nat inside source static 10.1.2.10 192.168.1.1"

But that solution is not feasible. When trying to reach the "old" IL 
"192.168.1.1" the translation is correct and the node is reachable, as 
it should: (1-to-1 mapping)

*Feb  8 08:55:55.223: NAT: s=10.1.1.10, d=192.168.1.1->10.1.2.10 [8]
*Feb  8 08:55:55.243: NAT*: s=10.1.2.10->192.168.1.1, d=10.1.1.10 [8]

When trying to reach the "new" IL "10.1.2.10" the outside-to-inside 
packet passes without NATting, but the inside-to-outside packet gets 
translated according the static mapping. So the initiating host gets an 
answer packet from a different ip.

*Feb  8 08:58:30.271: NAT: s=10.1.2.10->192.168.1.1, d=10.1.1.10 [9]

-> What would be the correct instrument, to just map multiple 
inside-global IP's to one inside-local for outside-to-inside
conversations?

Thank you very much in advance, regards,
Dennis

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list