Nat One Public IP to another Public IP

Is it possible to Nat a Public IP to another Public IP.
ie if I try to access RDP using a public ip x.x.x.x on say Router 1 it automatically get routed to y.y.y.y(another public ip) on another router ?

Find more posts tagged with

Comments

down77

This may be what you are looking for:

The Inside and Outside of NAT

example: ip nat inside source static tcp 10.1.1.1 3389 100.100.100.1 3389

ahmedahmed

May be to make it a little clearer here is scenarion that I want:

For example I have two routers A and B. A and B are connected over the internet.
router B has a LanB in 10.0.0.0 network and the public ips are in the x.x.x.0 for internet access.
router A is located at a remote location and has a public ip of y.y.y.0 network.

When I connect to router A using y.y.y.0 over the internet it automatically gets routed to x.x.x.0 over the internet and then to the LanB.

elderkai

Theoretically, you could double NAT it. Use NAT to translate the traffic from B's lan segment and then NAT to translate B into A. Since your scenario involves connecting over the internet, I'd imagine you'd use a tunnel of some sort and that should still be possible. What interest do you have in a situation like that?

To add on to your topic question, an IP address doesn't have to be private to translate. NAT can be used to translate any kind of ipv4 address to another.

ahmedahmed

No I dont want to set up any tunnel between router A and B

The scenario is like this:

Router A(external internet ip:y.y.y.2)

Internet

Router B(external internet ip x.x.x.3)

LabB(10.0.0.0)

Once I access y.y.y.y.2 automatically traffic is channeled to x.x.x.3 where regular nat translates it to 10.0.0.2, there is no tunnel between Router A and B only the internet.

TheNewITGuy

Sample Configuration Using the ip nat outside source static Command - Cisco Systems

xXErebuS

Is there a reason behind this? In short yes you can NAT whatever you want.

ahmedahmed

I have a small Lan(10.0.0.0) with a cisco gateway router as the gateway. My users are remote and they are required to use RDP to login to out systems and this is woriking fine.
However I have a group of users that are located at a very far distance and when they connect through RDP the ping is very high (high latency) and thus some applications they are required to use do not function properly.
I want to put a second router close the the users at the far distance so that their traffic is routed to the second router and redirected to the Lan router by the ISP using its back bone route hence reducing the Latency.
Here is what my scenario looks like:

Lets say my Main network Router is R1 and the second router I want to put at the remote location is R2

Remote user

(InternetRDP/http)

(1.1.1.1)R2

Internet

(2.2.2.2)R1

Lan(10.0.0.0)

Remote user through the internet access 1.1.1.2(internet Ip address of R2) and is automatically redirected to R1 (2.2.2.2 Internet Ip of R1)
at R2 1.1.1.1 is automatically translated to 2.2.2.2 without the user having to actually login to R2 and then trying to access R1.
R1 does the regular Nat to direct traffic to the relevant Lan server.

I have attempted to use VPN on a Stick so that the client uses VPN client to access R2 then the client uses the ISPs address to the internet to access R1 but this requires to install VPN client on the client so I am looking at if there is any other option.
The only reason I want to set up R2 is so that their traffic is boosted by the ISP at R2 and then directed to R1, so I only want it to connect to the ISP router to R2 and no other infrastructure.

Here is the configuration i came up with:
for R1:
ip name-server 10.0.0.1
interface gi0/0
ip address 10.0.0.254 255.255.255.0

interface gi0/1
ip address 2.2.2.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 2.2.2.253
ip nat inside source static 2.2.2.3 10.0.0.2
ip nat inside source static 2.2.2.4 10.0.0.3

R2: (R2 only has one interface which is connected to the internet)
interface gi0/1
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip policy route-map Nat-on-Stick

interface Loopback0
ip address 10.11.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly

access-list 144 permit ip 1.1.1.0 0.0.0.255 any

route-map VPN-Client permit 10
match ip address 144
set ip next-hop 10.11.0.2

ip nat inside source static 1.1.1.2 2.2.2.3
ip nat inside source static 1.1.1.3 2.2.2.4

xXErebuS

ahmedahmed wrote: »

I have a small Lan(10.0.0.0) with a cisco gateway router as the gateway. My users are remote and they are required to use RDP to login to out systems and this is woriking fine.
However I have a group of users that are located at a very far distance and when they connect through RDP the ping is very high (high latency) and thus some applications they are required to use do not function properly.
I want to put a second router close the the users at the far distance so that their traffic is routed to the second router and redirected to the Lan router by the ISP using its back bone route hence reducing the Latency.
Here is what my scenario looks like:

Lets say my Main network Router is R1 and the second router I want to put at the remote location is R2

Remote user
(InternetRDP/http)
(1.1.1.1)R2
Internet
(2.2.2.2)R1
Lan(10.0.0.0)

Remote user through the internet access 1.1.1.2(internet Ip address of R2) and is automatically redirected to R1 (2.2.2.2 Internet Ip of R1)
at R2 1.1.1.1 is automatically translated to 2.2.2.2 without the user having to actually login to R2 and then trying to access R1.
R1 does the regular Nat to direct traffic to the relevant Lan server.

I have attempted to use VPN on a Stick so that the client uses VPN client to access R2 then the client uses the ISPs address to the internet to access R1 but this requires to install VPN client on the client so I am looking at if there is any other option.
The only reason I want to set up R2 is so that their traffic is boosted by the ISP at R2 and then directed to R1, so I only want it to connect to the ISP router to R2 and no other infrastructure.

Here is the configuration i came up with:
for R1:
ip name-server 10.0.0.1
interface gi0/0
ip address 10.0.0.254 255.255.255.0

interface gi0/1
ip address 2.2.2.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 2.2.2.253
ip nat inside source static 2.2.2.3 10.0.0.2
ip nat inside source static 2.2.2.4 10.0.0.3

R2: (R2 only has one interface which is connected to the internet)
interface gi0/1
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip policy route-map Nat-on-Stick

interface Loopback0
ip address 10.11.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly

access-list 144 permit ip 1.1.1.0 0.0.0.255 any

route-map VPN-Client permit 10
match ip address 144
set ip next-hop 10.11.0.2

ip nat inside source static 1.1.1.2 2.2.2.3
ip nat inside source static 1.1.1.3 2.2.2.4

So let me get this right to start with before we start looking at anything; users are logging in remotely via RDP? I am assuming they are using RDP to log onto a computer inside the 10.0.0.0 LAN.... Do you see the issue with this?

ahmedahmed

I am not sure of what you are trying to say?
I want users to be able to access R1's Lan in 10.0.0.0 network directly vi R1s internet IP and other users that are far away close to R2 to use R2s internet address to come to the R1s 10.0.0.0 Lan

xXErebuS

How is the traffic being secured? Do you have the traffic secured over the internet as they are typing in their more than likely domain passwords?

Monkerz

Simple answer, no. NAT doesn't direct traffic whatsoever. I see what you are trying to do, but the concept of this being a solution boggles me.

Forgetting about your NAT issues, adding an additional router smack in the middle of a connection is for sure not going to magically re-route traffic to a latency free span of the internet.

astorrs

Monkerz wrote: »

Forgetting about your NAT issues, adding an additional router smack in the middle of a connection is for sure not going to magically re-route traffic to a latency free span of the internet.

Exactly what I was telling him over here: networking-forum.com - View topic - Route one public IP automatically to another Public IP.

ahmedahmed

Guys appreciate your help!
How would I be able to achieve this goal?

xXErebuS

I would still like to know how you are securing the traffic.....

ahmedahmed

I wasn't considering this option but you are right xXErebuS to secure traffic between the two routers I am going to have to do an Ipsec over GRE Tunnel but my only fear still is the increased latency!!!.
Secondly how would the traffic be automatically be router since my client is not located at an office rather he uses the internet to access R2 from where the traffic would be automaticallly be routed.

I would provide my tunelling configuration by tomorrow.