Nat One Public IP to another Public IP

ahmedahmed Member Posts: 41
Is it possible to NAT a public IP to another public IP?
I.e., if I try to access RDP using a public IP x.x.x.x on, say, Router 1, it automatically gets routed to y.y.y.y (another public IP) on another router?

Comments

  • down77 Member Posts: 1,009
    This may be what you are looking for:

    The Inside and Outside of NAT

    example: ip nat inside source static tcp 10.1.1.1 3389 100.100.100.1 3389
    CCIE Sec: Starting Nov 11
  • ahmedahmed Member Posts: 41
    Maybe to make it a little clearer, here is the scenario that I want:

    For example, I have two routers, A and B. A and B are connected over the internet.
    Router B has a LanB in the 10.0.0.0 network and the public IPs are in x.x.x.0 for internet access.
    Router A is located at a remote location and has a public IP of the y.y.y.0 network.

    When I connect to router A using y.y.y.0 over the internet, it automatically gets routed to x.x.x.0 over the internet and then to the LanB.
  • elderkai Member Posts: 279
    Theoretically, you could double NAT it. Use NAT to translate the traffic from B's LAN segment and then NAT to translate B into A. Since your scenario involves connecting over the internet, I'd imagine you'd use a tunnel of some sort and that should still be possible. What interest do you have in a situation like that?

    To add on to your topic question, an IP address doesn't have to be private to translate. NAT can be used to translate any kind of IPv4 address to another.
  • ahmedahmed Member Posts: 41
    No, I don't want to set up any tunnel between router A and B.

    The scenario is like this:

    Router A (external internet IP: y.y.y.2)
    Internet
    Router B (external internet IP: x.x.x.3)
    LanB (10.0.0.0)

    Once I access y.y.y.2, traffic is automatically channeled to x.x.x.3, where regular NAT translates it to 10.0.0.2. There is no tunnel between Router A and B, only the internet.
  • xXErebuS Member Posts: 230
    Is there a reason behind this? In short, yes, you can NAT whatever you want.
  • ahmedahmed Member Posts: 41
    I have a small LAN (10.0.0.0) with a Cisco gateway router as the gateway. My users are remote and they are required to use RDP to log in to our systems, and this is working fine.
    However, I have a group of users that are located at a very far distance, and when they connect through RDP the ping is very high (high latency) and thus some applications they are required to use do not function properly.
    I want to put a second router close to the users at the far distance so that their traffic is routed to the second router and redirected to the LAN router by the ISP using its backbone route, hence reducing the latency.
    Here is what my scenario looks like:

    Let's say my main network router is R1 and the second router I want to put at the remote location is R2.

    Remote user
    (Internet RDP/http)
    (1.1.1.1)R2
    Internet
    (2.2.2.2)R1
    Lan(10.0.0.0)

    The remote user accesses 1.1.1.2 (Internet IP address of R2) through the internet and is automatically redirected to R1 (2.2.2.2, Internet IP of R1).
    At R2, 1.1.1.1 is automatically translated to 2.2.2.2 without the user having to actually log in to R2 and then try to access R1.
    R1 does the regular NAT to direct traffic to the relevant LAN server.

    I have attempted to use VPN on a Stick so that the client uses a VPN client to access R2, then the client uses the ISP's address to the internet to access R1, but this requires installing a VPN client on the client, so I am looking at whether there is any other option.
    The only reason I want to set up R2 is so that their traffic is boosted by the ISP at R2 and then directed to R1, so I only want it to connect to the ISP router to R2 and no other infrastructure.

    Here is the configuration I came up with:
    for R1:
    ip name-server 10.0.0.1
    ! LAN side
    interface gi0/0
     ip address 10.0.0.254 255.255.255.0
     ip nat inside
    !
    ! Internet side
    interface gi0/1
     ip address 2.2.2.2 255.255.255.0
     ip nat outside
    !
    ip route 0.0.0.0 0.0.0.0 2.2.2.253
    ! static NAT takes the inside local address first, then the inside global address
    ip nat inside source static 10.0.0.2 2.2.2.3
    ip nat inside source static 10.0.0.3 2.2.2.4

    R2: (R2 only has one interface which is connected to the internet)
    interface gi0/1
     ip address 1.1.1.1 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     ip policy route-map Nat-on-Stick
    !
    interface Loopback0
     ip address 10.11.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    access-list 144 permit ip 1.1.1.0 0.0.0.255 any
    !
    ! the route-map name must match the one applied with "ip policy" on gi0/1
    route-map Nat-on-Stick permit 10
     match ip address 144
     set ip next-hop 10.11.0.2
    !
    ! local address first, then global: destinations 1.1.1.x arriving from outside are rewritten to 2.2.2.x
    ip nat inside source static 2.2.2.3 1.1.1.2
    ip nat inside source static 2.2.2.4 1.1.1.3
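
Added example, not part of the thread or any poster's configuration: a small Python model of the address rewriting described in the post above (1.1.1.2 on R2, 2.2.2.3 on R1, 10.0.0.2 on the LAN), comparing destination-only NAT at R2 with the double NAT elderkai mentions. The client address 198.51.100.10 and the single-session state table on R2 are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


# Static mappings from the post: R2 maps 1.1.1.2 -> 2.2.2.3, R1 maps 2.2.2.3 -> 10.0.0.2
R2_DNAT = {"1.1.1.2": "2.2.2.3"}
R1_DNAT = {"2.2.2.3": "10.0.0.2"}
R2_ADDR = "1.1.1.1"        # R2's interface address, from the post
DIALED = "1.1.1.2"         # address the remote user connects to
CLIENT = "198.51.100.10"   # constructed client address (documentation range)


def round_trip(double_nat: bool) -> Packet:
    """Return the reply packet exactly as the client finally receives it."""
    pkt = Packet(src=CLIENT, dst=DIALED)
    # R2 inbound: rewrite the destination towards R1's public address.
    pkt = replace(pkt, dst=R2_DNAT[pkt.dst])
    r2_state = {}
    if double_nat:
        # Double NAT: also rewrite the source to R2 and remember the session
        # (assumption: one session, so no port tracking is modelled).
        r2_state[R2_ADDR] = (CLIENT, DIALED)
        pkt = replace(pkt, src=R2_ADDR)
    # R1 inbound: regular static NAT to the LAN server.
    pkt = replace(pkt, dst=R1_DNAT[pkt.dst])
    # The server answers whoever the packet claims to come from.
    reply = Packet(src=pkt.dst, dst=pkt.src)
    # R1 outbound: restore the public address of the server.
    r1_reverse = {local: public for public, local in R1_DNAT.items()}
    reply = replace(reply, src=r1_reverse[reply.src])
    # The internet forwards on destination only, so the reply passes through
    # R2 again only if it is addressed to R2.
    if reply.dst == R2_ADDR:
        client, dialed = r2_state[R2_ADDR]
        reply = Packet(src=dialed, dst=client)
    return reply


def client_accepts(reply: Packet) -> bool:
    """A TCP client only matches a reply that comes from the address it dialed."""
    return reply.src == DIALED and reply.dst == CLIENT


if __name__ == "__main__":
    for mode in (False, True):
        r = round_trip(mode)
        print(f"double_nat={mode}: reply {r.src} -> {r.dst}, accepted={client_accepts(r)}")
```

With double NAT every session reaches R1 with source 1.1.1.1, so source-based filtering and logging on R1 no longer see the real client address, and the path still crosses the internet twice.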
  • xXErebuS Member Posts: 230
    So let me get this right to start with before we start looking at anything; users are logging in remotely via RDP? I am assuming they are using RDP to log onto a computer inside the 10.0.0.0 LAN.... Do you see the issue with this?
  • ahmedahmed Member Posts: 41
    I am not sure of what you are trying to say?
    I want users to be able to access R1's LAN in the 10.0.0.0 network directly via R1's internet IP, and other users that are far away, close to R2, to use R2's internet address to come to R1's 10.0.0.0 LAN.
  • xXErebuS Member Posts: 230
    How is the traffic being secured? Do you have the traffic secured over the internet as they are typing in their more than likely domain passwords?
  • Monkerz Member Posts: 842
    Simple answer, no. NAT doesn't direct traffic whatsoever. I see what you are trying to do, but the concept of this being a solution boggles me.

    Forgetting about your NAT issues, adding an additional router smack in the middle of a connection is for sure not going to magically re-route traffic to a latency-free span of the internet.
  • astorrs Member Posts: 3,139
    Monkerz wrote: »
    Forgetting about your NAT issues, adding an additional router smack in the middle of a connection is for sure not going to magically re-route traffic to a latency free span of the internet.
    Exactly what I was telling him over here: networking-forum.com - View topic - Route one public IP automatically to another Public IP. ;)
  • ahmedahmed Member Posts: 41
    Guys, appreciate your help!
    How would I be able to achieve this goal?
  • xXErebuS Member Posts: 230
    I would still like to know how you are securing the traffic.....
  • ahmedahmed Member Posts: 41
    I wasn't considering this option, but you are right, xXErebuS: to secure traffic between the two routers I am going to have to do an IPsec over GRE tunnel, but my only fear still is the increased latency!
    Secondly, how would the traffic automatically be routed, since my client is not located at an office; rather, he uses the internet to access R2, from where the traffic would automatically be routed?

    I would provide my tunnelling configuration by tomorrow.