thinking about this again it can't be done... what you're doing here is many-to-many source NAT i.e. a source pool then a source pool to translate to (inside global)

be it layer 3 or 4 the layer 3 source/destination pairs will always be matched in the translation table (layer 4 information is unique for PAT)

BR

Tony

On 14 March 2014 18:38, Tony Singh <[email protected]> wrote:

> I'm sure this should work with PAT and matching layer 4 information,
> reason it gets destination natted to the same address is the ACL matches
> layer 3 information hence the same source/destination pairs, try on layer 4
>
> With below config you'd need to source from say .3 to get a new public
>
> By the way you can't chop & change a TCP/UDP session to change its
> destination layer 3 address post NAT on the same device as the session
> would drop
>
> --
> BR
>
> Tony
>
>
> On 14 Mar 2014, at 15:23, César <[email protected]> wrote:
> >
> > George, thank you very much for your detailed explanation. I'm going to
> > use your detailed scheme to explain more in detail what I need.
> >
> > I need that PC_A (192.168.1.2) gets PC_B (2.2.2.2) using in each different
> > period of time (every two seconds/10 seconds, for instance), different
> > public IP addresses (1.1.1.3, 1.1.1.4, 1.1.1.5...) in the way that PC_B
> > sees PC_A with different IP addresses. I don't know if it's possible. What
> > I'm seeing configuring NAT without overloading is that when the router
> > establishes a NAT translation for a connection, it always uses that IP
> > natted for the next connections (only changing the port numbers).
> >
> > Thanks,
> > César.
> >
> >
> > 2014-03-14 15:50 GMT+01:00 George Leslie <[email protected]>:
> >
> >> Hi Cesar
> >> If I understand your requirements correctly, then what you are describing
> >> is simply dynamic NAT. e.g.
> >>
> >> PC_A is on the "inside", 192.168.1.2/24.
> >> PC_B is on the "outside", say 2.2.2.2/24
> >>
> >> Topology:
> >>
> >> PC_A -> router eth 0 (inside) -> router serial 0 (outside) -> NAT -> WAN
> >> -> PC_B
> >>
> >> A config like this should do it. I will assume public range of 1.1.1.1 -
> >> 1.1.1.15/28.
> >>
> >> int Eth 0
> >> ip address 192.168.1.1 255.255.255.0
> >> ip nat inside
> >>
> >> int ser0
> >> ip address 1.1.1.1 255.255.255.240
> >> ip nat outside
> >>
> >> ip route 0.0.0.0 0.0.0.0 1.1.1.2
> >> /* Assuming 1.1.1.2 is your ISP router. */
> >>
> >> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
> >>
> >> ip nat pool DYNAMIC_POOL 1.1.1.3 1.1.1.15 netmask 255.255.255.240
> >> ip nat inside source list 100 pool DYNAMIC_POOL
> >>
> >> This will nat PC_A to the next available NAT address in the dynamic pool.
> >>
> >> Is this your requirement?
> >>
> >> George.
> >>
> >>
> >>
> >>> Date: Fri, 14 Mar 2014 15:18:04 +0100
> >>> From: [email protected]
> >>> To: [email protected]
> >>> Subject: [OSL | CCIE_RS] NAT
> >>>
> >>> Hello,
> >>>
> >>> I would like to configure a network where you have a PC_A in the LAN, a
> >>> router doing NAT (using a pool of public IP addresses) and a PC_B in the
> >>> WAN. Does anybody know if it's possible to configure NAT in the router in
> >>> order to permit PC_A (using *always* the same private IP address) connect
> >>> to PC_B (using *always* the same destination IP address) through different
> >>> origin IP addresses assigned dynamically by the router?
> >>>
> >>> Thanks in advance,
> >>> Cesar.
> >>> _______________________________________________
> >>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
> >>>
> >>> iPexpert on YouTube: www.youtube.com/ipexpertinc
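
A toy model of the one-to-one dynamic NAT (no overload) behaviour discussed in this thread, using the pool and ACL from the quoted config. It is an added example, not code from any poster and not IOS itself; the `DynamicNat` class, the idle timeout and the lowest-free-address allocation order are assumptions of the model.

```python
import ipaddress

class DynamicNat:
    """Toy one-to-one dynamic NAT without overload (a model, not IOS code)."""

    def __init__(self, acl_net, pool_first, pool_last, idle_timeout):
        self.acl = ipaddress.ip_network(acl_net)
        first = int(ipaddress.ip_address(pool_first))
        last = int(ipaddress.ip_address(pool_last))
        self.free = [ipaddress.ip_address(i) for i in range(first, last + 1)]
        self.idle_timeout = idle_timeout   # seconds; assumed value, set by caller
        self.table = {}                    # inside local -> (inside global, last used)

    def _expire(self, now):
        # Return idle bindings to the pool.
        for local, (glob, last_used) in list(self.table.items()):
            if now - last_used >= self.idle_timeout:
                del self.table[local]
                self.free.append(glob)
        self.free.sort()

    def translate(self, inside_local, now):
        """Return the inside global address used for a new flow at time `now`."""
        local = ipaddress.ip_address(inside_local)
        if local not in self.acl:
            return None                    # not matched by the ACL: no translation
        self._expire(now)
        if local not in self.table:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            self.table[local] = (self.free.pop(0), now)
        glob, _ = self.table[local]
        self.table[local] = (glob, now)    # an active binding is refreshed, not replaced
        return str(glob)

def demo():
    # Constructed scenario: PC_A opens a new connection every 2 seconds.
    nat = DynamicNat("192.168.1.0/24", "1.1.1.3", "1.1.1.15", idle_timeout=60)
    pc_a = [nat.translate("192.168.1.2", t) for t in (0, 2, 4, 6)]
    other = nat.translate("192.168.1.3", 6)   # a different inside source
    return pc_a, other

if __name__ == "__main__":
    print(demo())
```

In this model PC_A keeps the same public address for as long as its binding stays active, and only a different inside source draws a new address from the pool.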
