Is it possible to use a Cisco router as proxy through the NAT?

Good afternoon colleagues!
There is some external service, which is access restriction by IP, including my work external IP (Cisco 2911). Accordingly, from the work network I can access this external service. Is it possible to configure Cisco NAT outside-outside, to the connection, like at home, I connected to cisco IP working, and she's already natila me to the external service from your IP? But I understand that with NAT translation Cisco sends source IP (home) and, accordingly, the external service sends a response packet directly to the source ip (home) and not the cisco and the tcp session is not established. We need a full NAT source ip spoofing, as does proxy.
upd: added picture for understanding
ef3db02505c94a3dbea70bc6be39d342.png
July 2nd 19 at 18:03
3 answers
July 2nd 19 at 18:05
Uh.. I do not understand where what and how you are trying to natit :)

In General
HOME -> VPN -> WORK
1. disable the def gw
2. route add -net $gw SITE_IP $VPN
Pro VPN you know, while I don't want him to fence for the sake of service. - Vaughn.Baumbac commented on July 2nd 19 at 18:08
: then draw a diagram of the connections, I honestly do not understand how you are trying to do - specifically how you your traffic on the working force the sculpture to cisk :) - logan66 commented on July 2nd 19 at 18:11
Added a picture in the theme. Connect the home PC to the address 1.1.1.1:8080 then there is nat on the external server 2.2.2.2:8080
Prescribed rule ip nat source static 1.1.1.1 2.2.2.2 tcp 8080 8080 extendable - Vaughn.Baumbac commented on July 2nd 19 at 18:14
+1 for VPN - Gwendolyn.Abbott commented on July 2nd 19 at 18:17
July 2nd 19 at 18:07
the essence of NAT - address translation (Network Address Translation). So the server will leave Your Cisco.
That's right, only in case of static nat, the headers package will be listed including the original source IP, and apparently the server responds inscribed on it, bypassing cisco.
In my example I tried the following configuration
ip nat source static tcp %externa_service_IP% 8080 %cisco_external_ip% 8080 extendable
while the external interface is enabled NVI NAT ip nat enable - Vaughn.Baumbac commented on July 2nd 19 at 18:10
July 2nd 19 at 18:09
On the contrary Natasa source IP and destanation is unchanged and resolve of the RIB it needs to specify the interface on which registered ip nat outside.
If you have enabled nat nvi, to mark interfaces are not necessary, but as 2.2.2.2 you are not directly connected, then natit it is not

Vskidku here is the solution:
Between the host and the router rises IP-IP tunnel.
Host :ip route [ip service] [ip tunnel0]
On the router:
Tunnel0 nat inside
L3-to-ISP nat outside
ip nat inside source [your ip] [L3-to-ISP] overload
External services not under my control, so there is nothing to rule can't and there is something to do in my query also will not be.
About directly connected, do not agree translation is created, but for the above reason, to see what logs to an external host I can't. - Vaughn.Baumbac commented on July 2nd 19 at 18:12
And where I wrote what you need on an external service to do something? Stream of course will create you a team entered. But work will not, for the above mentioned reasons. Concepts nat outside-outside there, when you ask nat nvi, just specify what should Natasja. And the maximum that you can refer to your implementation's IP address from the subnet of your External interface, but not external IP - logan66 commented on July 2nd 19 at 18:15
The host also makes no sense to bother, since I want to access from different devices, including phone.
In General, I realized that NAT will not work. I will do some proxy.
Thank you all for the answers. - Vaughn.Baumbac commented on July 2nd 19 at 18:18

Find more questions by tags CiscoComputer networks