From: CCIEin2006 (ciscocciein2006@gmail.com)
Date: Sat Sep 29 2007 - 07:19:01 ART
I would prefer on the same router...but what do you suggest?
On 9/29/07, Narbik Kocharians <narbikk@gmail.com> wrote:
>
> Are you trying to NAT the destination IP on the same router that
> originates the packets? or can this be done on another router?
>
>  On 9/28/07, Gary Duncanson <gary.duncanson@googlemail.com> wrote:
>
> > Hi
> >
> > Check email thread last week involving Ruth/Jason Guy and myself for
> > clues with this one. We looked at a few NAT policy routing situations.
> >
> > HTH
> >
> > Gary
> > ----- Original Message -----
> > From: "CCIEin2006" <ciscocciein2006@gmail.com>
> > To: "CCIEin2006" < ciscocciein2006@gmail.com>; "Cisco certification"
> > <ccielab@groupstudy.com>
> > Sent: Friday, September 28, 2007 9:23 PM
> > Subject: Re: Is it possible to NAT the Destination Address of Locally
> > Originated Traffic?
> >
> >
> > > Thanks Kelly,
> > >
> > > I tried creating a local policy and then later a policy applied directly
> > > to the interface for return traffic. Neither worked. I did a debug policy
> > > and it appears that return traffic directed towards the router itself is
> > > not being policy routed, or if it is, the NAT simply will not work!
> > >
> > > What's frustrating is that I can get the NAT to work when I want to
> > > change the source address of locally originated traffic, but not when
> > > changing the destination address....
> > >
> > > On 9/28/07, kelly@cliffhanger.com <kelly@cliffhanger.com> wrote:
> > >>
> > >>
> > >> Policy routing ...
> > >>
> > >> Create a nat config for the reply traffic using a
> > >> route map and apply it to a "local policy".
> > >>
> > >>
> > >> ! global config mode :
> > >> ip local policy route-map <route-map-name>
> > >>
> > >> Configuring Policy-Based Routing
> > >>
> > >> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm
> > >>
> > >> Quoting CCIEin2006 <ciscocciein2006@gmail.com>:
> > >>        Hello Experts,
> > >>
> > >>        Is it possible to NAT the destination address for traffic locally
> > >>        generated on a router?
> > >>
> > >>        Let's say you wanted to play a mean trick on your co-workers, and
> > >>        have them think they're telnetting into one router only to be
> > >>        redirected to another router because the destination address is
> > >>        NAT'd.
> > >>
> > >>        In the example below you are doing a telnet from R1 to IP 5.5.5.5,
> > >>        which is NAT'd to 2.2.2.2 (IP of R2)
> > >>
> > >>         (R1)----------(R2)
> > >>        1.1.1.1      2.2.2.2
> > >>
> > >>        Here's the problem I'm seeing:
> > >>
> > >>        1.1.1.1 ----> 5.5.5.5 ->(NAT'd to 2.2.2.2)
> > >>        1.1.1.1 <--- 2.2.2.2 (Not being NAT'd back)
> > >>
> > >>        I tried testing this but the problem is that the return traffic is
> > >>        not being NAT'd back to the original address.
> > >>        I see the SYN ACK come back from R2 with a source of 2.2.2.2 but it
> > >>        does not get NAT'd back to 5.5.5.5.
> > >>        Meanwhile R1 thinks this is traffic from a different session and
> > >>        sends a RST.
> > >>
> > >>        Is there any way to get this to work? I tried all kinds of policy
> > >>        based routing but to no avail...
> > >>
> > >>        Thanks,
> > >>        Nick
> > >>
> > >>
> > >>
> > _______________________________________________________________________
> > >>        Subscription information may be found at:
> > >>        http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> >
>
>
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> www.Net-WorkBooks.com <http://www.net-workbooks.com/>
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART