I'm sure this should work with PAT and matching layer 4 information. The reason it gets destination natted to the same address is that the ACL matches layer 3 information, hence the same source/destination pairs. Try on layer 4.
With below config you'd need to source from say .3 to get a new public

By the way, you can't chop & change a TCP/UDP session to change its destination layer 3 address post NAT on the same device, as the session would drop.

--
BR

Tony

> On 14 Mar 2014, at 15:23, César <[email protected]> wrote:
>
> George, thank you very much for your detailed explanation. I'm going to use your
> detailed scheme to explain in more detail what I need.
>
> I need that PC_A (192.168.1.2) gets PC_B (2.2.2.2) using in each different
> period of time (every two seconds/10 seconds, for instance), different
> public IP addresses (1.1.1.3, 1.1.1.4, 1.1.1.5...) in the way that PC_B sees
> PC_A with different IP addresses. I don't know if it's possible. What I'm
> seeing configuring NAT without overloading is that when the router
> establishes a NAT translation for a connection, it always uses that IP natted
> for the next connections (only changing the port numbers).
>
> Thanks,
> César.
>
>
> 2014-03-14 15:50 GMT+01:00 George Leslie <[email protected]>:
>
>> Hi Cesar
>> If I understand your requirements correctly, then what you are describing
>> is simply dynamic NAT. e.g.
>>
>> PC_A is on the "inside", 192.168.1.2/24.
>> PC_B is on the "outside", say 2.2.2.2/24
>>
>> Topology:
>>
>> PC_A -> router eth 0 (inside) -> router serial 0 (outside) -> NAT -> WAN
>> -> PC_B
>>
>> A config like this should do it. I will assume public range of 1.1.1.1 -
>> 1.1.1.15/28.
>>
>> int Eth 0
>> ip address 192.168.1.1 255.255.255.0
>> ip nat inside
>>
>> int ser0
>> ip address 1.1.1.1 255.255.255.240
>> ip nat outside
>>
>> ip route 0.0.0.0 0.0.0.0 1.1.1.2
>> /* Assuming 1.1.1.2 is your ISP router. */
>>
>> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
>>
>> ip nat pool DYNAMIC_POOL 1.1.1.3 1.1.1.15 netmask 255.255.255.240
>> ip nat inside source list 100 pool DYNAMIC_POOL
>>
>> This will nat PC_A to the next available NAT address in the dynamic pool.
>>
>> Is this your requirement?
>>
>> George.
>>
>>> Date: Fri, 14 Mar 2014 15:18:04 +0100
>>> From: [email protected]
>>> To: [email protected]
>>> Subject: [OSL | CCIE_RS] NAT
>>>
>>> Hello,
>>>
>>> I would like to configure a network where you have a PC_A in the LAN, a
>>> router doing NAT (using a pool of public IP addresses) and a PC_B in the
>>> WAN. Does anybody know if it's possible to configure NAT in the router in
>>> order to permit PC_A (using *always* the same private IP address) connect
>>> to PC_B (using *always* the same destination IP address) through different
>>> origin IP addresses assigned dynamically by the router?
>>>
>>> Thanks in advance,
>>> Cesar.
>>> _______________________________________________
>>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>>>
>>> iPexpert on YouTube: www.youtube.com/ipexpertinc
