NAT redirection?

PA23 (join 2001-12-12, East Hanover, NJ):
I have several devices on my network that have hardcoded NTP servers in them; these devices have been put in their own VLAN on my network. What I would like to do, when I see them attempt to access the external NTP server, is to redirect it to my internal NTP server.
Specifically, the device addresses are on 192.168.1.0/24.
I want to redirect them to 192.168.0.10.
Both networks are located on the same router (different interfaces).
192.168.1.100 attempts NTP to 1.2.3.4; I want to rewrite that destination address to be 192.168.0.10.
The interface these devices are on is already listed as "nat inside", and so is the interface that my NTP server sits on. The nat outside interface is on the interface facing my ISP.
Suggestions? Pointers?
Thanks!
-- It's the end of the world as we know it, and I feel fine
nosx (join 2004-12-27):
If you need to do it with JUST the router, you might not be able to use the traditional inside/outside NAT to accomplish your objective. You will need to look into the NAT virtual interface (NVI) and use "ip nat enable" on your interfaces. Googling "ip nat enable" should probably give you decent results. Ideally, for better NAT control you want a real firewall that can do policy NAT to rewrite anything anywhere any which way. Good luck.
route map?
nosx (join 2004-12-27):
The question isn't necessarily so much ACL vs. route-map vs. whatever. It's what interface is inside and what interface is outside. You have a clear inside 192.168.0.0/24 (LAN) and clear outside (Internet) and another interface 192.168.1.0/24 (somethingelse). If you make the somethingelse an inside interface, I have never been able to successfully destination-NAT traffic from it. At the same time, if you make it an outside interface, it won't be source-NATted to get to the Internet. There is no clear inside or outside tag for that somethingelse interface, as it would need to be inside for Internet access but outside for dest-NAT purposes (rewrite packets' dst of 1.2.3.4 to 192.168.0.10), which breaks the inside/outside model. That's why I suggested the NVI with "ip nat enable", because you could technically try to rig something up with PBR and accomplish his goal.
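An added worked configuration for the NVI approach described above (not from the thread or from any poster). Interface names, the ACL name and the ISP addressing are assumptions; 1.2.3.4 is the thread's stand-in for the hard-coded public NTP server, and the order in which NVI applies the static and overload rules should be confirmed on your own platform with the show commands at the end.

```cisco
! Added example, not from the thread: "ip nat enable" (NVI) instead of
! inside/outside. Interface names, ACL name and addressing are assumptions.
interface GigabitEthernet0/0
 description Device VLAN (hard-coded NTP clients)
 ip address 192.168.1.1 255.255.255.0
 ip nat enable
!
interface GigabitEthernet0/1
 description Server LAN (internal NTP server 192.168.0.10)
 ip address 192.168.0.1 255.255.255.0
 ip nat enable
!
interface GigabitEthernet0/2
 description ISP facing
 ip address dhcp
 ip nat enable
!
! Internet access for both LANs with one source list, no inside/outside
! tag. The deny keeps traffic between the two LANs out of the overload pool.
ip access-list extended NAT-INTERNET
 deny   ip 192.168.0.0 0.0.1.255 192.168.0.0 0.0.1.255
 permit ip 192.168.0.0 0.0.1.255 any
ip nat source list NAT-INTERNET interface GigabitEthernet0/2 overload
!
! Port-level static mapping: only UDP/123 addressed to 1.2.3.4 is
! rewritten to the internal server. Other traffic to 1.2.3.4 still
! follows the default route toward the ISP.
ip nat source static udp 192.168.0.10 123 1.2.3.4 123
!
! Caveat: a static mapping is bidirectional. Anything the NTP server
! itself sends from UDP/123 (its own upstream sync, if it uses a fixed
! source port) will leave with source 1.2.3.4; look for that here.
! Verify from a device in the VLAN, then on the router:
!   show ip nat nvi translations
!   show ip nat nvi statistics
```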
aryoba (Premium, MVM, join 2002-08-22), reply to PA23:
said by PA23: I have several devices on my network that have hardcoded NTP servers in them; these devices have been put in their own VLAN on my network. What I would like to do, when I see them attempt to access the external NTP server, is to redirect it to my internal NTP server. Specifically, the device addresses are on 192.168.1.0/24. I want to redirect them to 192.168.0.10. Both networks are located on the same router (different interfaces). 192.168.1.100 attempts NTP to 1.2.3.4; I want to rewrite that destination address to be 192.168.0.10.
My question is: why would any of your devices attempt to reach the NTP server 1.2.3.4 in the first place? Are the devices configured to use the NTP server 1.2.3.4 as either primary or secondary?
If you don't want any of the devices to use the NTP server 1.2.3.4 at all, then maybe you should take NTP server 1.2.3.4 off the device configuration. Implementing NAT in such a setup would probably just make the network unnecessarily complex.
Just my 2c
nosx (join 2004-12-27):
Many pieces of equipment are designed and engineered by people that have little or no network knowledge. This is particularly true of programmable logic controllers and other process automation and control systems. For example, a large electric company I consulted for had systems that controlled their generators, but the company that designed the control systems hard-coded (as in the assembler code running on the chips) the 192.168.0.0 network in all of them, set to report information to 192.168.0.100 etc. This is clearly idiotic; however, the only solution was to drop a small PIX in front of every management control network and do bi-directional NATting to ensure that the equipment was reachable throughout the company. I guess the people that built the control system for the generators never imagined that a company would have 7 different power plants on the same network... idiots. Aaaaanyways, it's very common to find small hardware devices hard-coded to talk to one thing or another (or with a hard-set IP address that can't be changed), and this leads to all kinds of network trickery required, like source and destination NATting. I doubt that the NTP server is actually set to "1.2.3.4"; however, the point is valid, it's set to something that isn't what he wants.
Another alternative is to actually add a network (or secondary network) to the router for the 1.2.3.0/24 and assign a secondary IP to the NTP server of 1.2.3.4. That way no NAT at all is required and traffic is just routed to the correct device (even though the IP is still hard-coded wrong). The only downside is that you are potentially blackholing Internet-bound traffic to the 1.2.3.5 or 1.2.3.6 devices, so you might want to make the subnet as small as possible and see what you are blackholing. The same electric company before ended up blackholing Procter and Gamble's Internet addresses trying to do just this same stunt to make some of their other hardware work. Not to mention the multiple moronically-sized /15 "control" networks that sucked up the majority of their RFC1918 space.
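An added worked configuration for the secondary-address alternative in the post above (not from the thread or from any poster), carried through with the smallest practical subnet so the blackholed range is explicit. The interface name, the /29 and the NTP server's operating system are assumptions.

```cisco
! Added example, not from the thread: reach 1.2.3.4 by routing, no NAT.
! Interface name, the /29 and the server's OS/interface are assumptions.
! 1.2.3.0/29 spans 1.2.3.0-1.2.3.7: .0 network, .7 broadcast, .1 router,
! .4 NTP server. The other four (.2 .3 .5 .6), plus whatever the Internet
! really hosts at .0-.7, are now blackholed for every LAN behind this
! router. That is the cost the post warns about; a /24 would blackhole 256.
interface GigabitEthernet0/1
 description Server LAN (internal NTP server 192.168.0.10)
 ip address 192.168.0.1 255.255.255.0
 ip address 1.2.3.1 255.255.255.248 secondary
!
! On the NTP server (Linux assumed) add the matching secondary address so
! it answers ARP for 1.2.3.4 and replies to the clients from that address:
!   ip addr add 1.2.3.4/29 dev eth0
!
! Checks: the connected /29 must win over the default route for 1.2.3.4,
! and the router must see the server's MAC behind the hard-coded address.
!   show ip route 1.2.3.4      (expect: directly connected, Gi0/1)
!   show ip arp 1.2.3.4        (expect: the NTP server's MAC)
```

Before committing, look at what the device VLAN actually sends to the rest of 1.2.3.0/29; if anything else there is needed, the NVI rewrite is the safer route.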
PA23 (join 2001-12-12, East Hanover, NJ), reply to aryoba:
said by aryoba: If you don't want any of the devices to use the NTP server 1.2.3.4 at all, then maybe you should take NTP server 1.2.3.4 off the device configuration. Implementing NAT in such a setup would probably just make the network unnecessarily complex. Just my 2c
Unfortunately I don't control the equipment that is using a public NTP server (it's actually going after nist.gov or something like that), and there are several of them polling every minute or so.
nosx, I'll take a look at NVI; never looked at it.
Keep in mind this is more of an exercise to see what I can and cannot do; there is really no absolute reason I must do this, but then again, how else do you learn?
-- It's the end of the world as we know it, and I feel fine
nosx (join 2004-12-27):
I'd go for it; I don't know any reason why not. If you are just doing it to play, find the IPs it's talking to and add secondary addresses to the LAN interface of your router and the NTP server. It would be a fast and simple way to redirect the traffic.