Can a Cisco router be used as a proxy through NAT?

R

RazorBlade2016-11-10 11:26:53

Computer networks

RazorBlade, 2016-11-10 11:26:53

Good afternoon colleagues!
There is some external service on which there is a restriction of access by IP, including my working external IP (Cisco 2911). Accordingly, from the working network, I can access this external service. Is it possible to somehow configure Cisco NAT outside-outside so that when I connect, for example, from home, I connect to the IP of the working cisco, and she has already sent me to an external service from her IP? But as I understand it, during NAT translation, Cisco forwards the source IP (home) and, accordingly, the external service sends a response packet directly to the source ip (home), and not cisco and the tcp session is not established. That is, you need NAT with a complete substitution of source ip, as a proxy does.
upd: added a picture for understanding

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

T

TyzhSysAdmin, 2016-11-10
@POS_troi

Uh .. I didn’t understand where what and how you are trying to nat :)
Generally
HOME -> VPN -> WORK
1. disable def gw
2. route add -net $SITE_IP gw $VPN

M

Max, 2016-11-10
@MaxDukov

the essence of NAT is address translation (Network Address Translation). So the address of your tsiska will go to the server.

A

Alexander, 2016-11-10
@ferrum90

Just the opposite, the source IP is nativatsya, and the destanation remains unchanged, and when it is resolved from RIB, it must point to the interface on which ip nat outside is written.
If nat nvi is enabled, then you don’t need to tag the interfaces, but since you don’t have 2.2.2.2 directly connected, you won’t be
able to nat it. Here’s the solution:
An IP-IP tunnel rises between the host and the router.
On host :ip route [service ip] [ip tunnel0]
On router:
Tunnel0 nat inside
L3-to-ISP nat outside
ip nat inside source [your ip] [L3-to-ISP] overload