Posted by Mark on August 5, 2008, 10:08 am
Hi,
(Apologies in advance if my terminology here isn't "Cisco-ised" - am
relatively new to IOS...)
I have a Cisco 1605R which has a single public (Internet facing) IP address.
I've configured IP NAT rules such that a connection from the Internet to
the router on 25/tcp is NAT'd to one private (internal) IP address (mail
server), and a connection to 22/tcp is NAT'd to a different private IP
address (SSH server). In other words, the destination address of the
connection is translated from the public address of the router to the
appropriate private address of the destination host - based upon the
destination TCP port.
At the moment, the source addresses of the Internet hosts initiating
these connections are not translated (i.e. no source-NAT occurs) - so my
mail relay and SSH server both see the original IP addresses of the
Internet hosts making these connections - however, I'd like to
selectively perform source-NAT on (just) one of these 2 TCP connections
- so connections to 25/tcp continue to pass through with the original
source address, while connections to 22/tcp have their source address
translated to a private address.
Is this possible? (Excerpt from my IOS config attached below)
Thanks,
Mark
Excerpt from my current configuration - IP addresses obfuscated:
ip nat pool my-address-pool 123.123.123.123 123.123.123.123 netmask 255.255.255.252
ip nat inside source list 1 pool my-address-pool overload
ip nat inside source static tcp 10.1.1.1 25 123.123.123.123 25 extendable
ip nat inside source static tcp 10.1.1.2 22 123.123.123.123 22 extendable
access-list 1 permit 10.1.1.0 0.0.0.255