• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

NAT / PAT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> NAT / PAT Page: [1]
Login
Message << Older Topic   Newer Topic >>
NAT / PAT - 12.Feb.2005 6:05:00 PM   
jmansford

 

Posts: 1
Joined: 12.Feb.2005
Status: offline
I am trying to replace an aging Cisco router which is also being used as a firewall by a client of mine. They have some 32 public IP addresses of which about half are in use across their 8 web servers.
I will hopefully be replacing their current setup with a 3-leg setup with SQL Server etc. on an 'internal' portion and the web servers on the Perimeter.
On the Cisco box currently it is setup to NAT all of the web servers. However the NAT setup is somewhat more complex then I seem to be able to achieve with ISA server. For example all outgoing traffic from 192.168.5.5 maps to 1.2.3.105 and 192.168.5.7 maps to 1.2.3.107. There are forwarding rules to ensure that inbound traffic is forwarded correctly.
With ISA server, NAT only ever seems to map to the primary IP address on the external interface. This may not seem like an issue to most people, but it's important that outgoing SMTP goes out on the right IP address.

I know that this wouldn't be a problem if I do routing instead of NATing. But it would be nice to know if I can replicate the current behaviour of the Cisco box.
Post #: 1
RE: NAT / PAT - 12.Feb.2005 7:06:00 PM   
leonhughes

 

Posts: 149
Joined: 19.Mar.2001
From: UK
Status: offline
As you quite rightly pointed out and to the best of my knowledge this is the nature of outbound 'one to many' NAT in ISA. Presumably the reason this is important to you is for reverse lookup reasons on the SMTP address. Can you not just make the address you use for SMTP the primary address?

I'm not certain, but something like 'Rain Connect' might let you force certain traffic out using a particular IP. You can download a free trial from rainfinity.com, so it might be worth a try.

Leon.

(in reply to jmansford)
Post #: 2
RE: NAT / PAT - 9.Apr.2010 2:35:18 PM   
ferrix

 

Posts: 547
Joined: 16.Mar.2005
Status: offline
I just realized that a lot of people are using the term "one-to-one NAT" or "Static NAT" to refer to the functionality that we added to ISA with our IP Binder filter (i.e. binding of outbound traffic to a specific external interface).  Until now I didn't realize there were so many names for this.  So I'm going through a few of these ancient and unanswered forum threads and adding a link to IP Binder so future searchers can see there's a solution.

(in reply to leonhughes)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> NAT / PAT Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts