Am I asking for the impossible?

Unanswered Question
Jun 17th, 2008
User Badges:
  • Silver, 250 points or more

Hi All


Just a quick question.


I have a private network (10.x.x.x/16) in a lab in work and I would like to be able to access this lab from our corporate network.


I have a 7206 VXR at my disposal with IOS c7200-is-mz.122-23. I do not administer the corporate network so giving my 7206 an IP address on the corporate network is not an option.


I do administer a number of test lab subnets which are contactable from the corporate network. Is there any way I can configure one interface on the 7206 with an IP address on the private subnet and another interface with an IP address on a test lab subnet and some how be able to reach the 10.x.x.x/16 subnet from the corporate network?


I have tried adding a static route on my laptop, but it complains that the interface is not on the same subnet as the gateway address I am using (which I expected).


TIA for any and all suggestions.



Best Regards,


Michael

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dominic.caron Tue, 06/17/2008 - 04:45
User Badges:
  • Silver, 250 points or more

What you need is a tunnel from your laptop to the 7206. I dont know if it's supported on that platform but EZVPN with the cisco vpn client would probably solve your issue.

Jon Marshall Tue, 06/17/2008 - 04:51
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Michael


Yes you are asking the impossible. Hope that helped !!


On a more serious note if you can route to the test lab subnets from the corporate network then you have a few options. Simplest would be to use the 7206 as a jump box. So you telnet onto that using the test lab subnet address and then from there you could telnet into your 10.x.x.x/16 lab maybe onto a router/switch. From there you should have full visibility of your 10.x.x.x/16 lab.


If you need to terminal service to a server in your 10.x.x.x/16 lab from your desktop then you will need to do NAT on the 7206. You could port forward on the test lab IP address on the 7206 interface.


Does this make sense ?


Jon

keeleym@o2.ie Tue, 06/17/2008 - 05:20
User Badges:
  • Silver, 250 points or more

Hi John


I had thought of NAT but had dismissed it.


I have configured NAT in the past when I wanted to get FROM a private network to a public address. However I do not know how to configure NAT to get from a public IP subnet to a private subnet. Is this possible?


The issue is I have some testers who do not want to work in the lab as it is cold and noisy. They want to work from their desks. The private subnet is stand alone as it is corporate policy that RFC 1918 subents are not routed across the corporate LAN.


I have other subnets available but these are of no use to the testers as the 10.x.x.x range they are using a from an external customer and are tied into aplications on the systems in the lab, so it would be a lot of hassle to change.


I was hoping that there was a quick solution which woudl enable me to fulfil their request to work from their desks.


Best Regards & Thanks for the input,


Michael

Actions

This Discussion