How to do Source AND Destination NAT on the same router
(I used https://blog.ine.com/2008/02/15/the-inside-and-outside-of-nat as a reference. But it uses Frame Relay, I wanted to do the same for Ethernet.)Setup:
OUTSIDE INSIDE
R1-10.0.28.65------10.0.28.66-R2-172.16.24.2------------172.16.24.1-R3
Traffic is originated from the OUTSIDE first.
Config of R2:
interface Gi1
ip address 10.0.28.66 255.255.255.252
ip nat outside
interface Gi2
ip address 172.16.24.2 255.255.255.0
ip nat inside
! NAT translation is bidirectional. Traffic from outside to inside with a
! Destination of 10.0.28.66 will also hit this rule, even if it says " inside
! source"
ip nat inside source static 172.16.24.1 10.0.28.66
! NAT translation. This means that the we cannot use 172.16.24.2 as a source
! static translation. The return packet will arrive on R3 and he will see it as
! local and not even do the NAT translation. By using 172.16.245.25.100 and adding ! a static route towards 10.0.28.65, the route lookup will be done and then the
! NAT translation.
ip nat outside source static 10.0.28.65 172.16.25.100
ip route 172.16.24.254 255.255.255.255 10.0.28.65(it may be necessary to announce 172.16.25.100 in the rest of the network for the traffic to find it's way back to R2)
???
inside local inside global outside local outside global
172.16.24.1 10.0.28.66 172.16.24.2 10.0.28.65
????
