07-07-2009 03:20 AM - edited 03-04-2019 05:20 AM
Hi all,
I'm trying to setup a backdoor to access to a PDU when first link down.
I am sure that is possible do it with nat but i can't config it.
In the attachment there are a draw of my scenario, the access throght Router A is possible without problems via static nat.
My problem start when i try to access via HTTP trought Router B (2.2.2.2). The MasterSW send packets to their default gateway so connection can't work.
I need that NAT translate my IP (3.3.3.3) into LAN IP of Router B (192.168.120.2) then, MasterSW will see the conection from IP source 192.168.120.2.
Is this possible? Somebody can give me a clue for the config?
thanks in advance
Solved! Go to Solution.
07-07-2009 04:42 AM
David
Not what you asked though. Your request was -
"I need that NAT translate my IP (3.3.3.3) into LAN IP of Router B (192.168.120.2) then, MasterSW will see the conection from IP source 192.168.120.2."
and the config supplied does that. However it looks like you also need to access the remote MasterSW on 2.2.2.2.
This complicates the config considerably as there is no way to translate source IP addresses coming in from the outside without a NAT pool (unlike the pix/ASA devices).
So you need at least 2 spare addresses from the 192.168.120.x subnet. Lets assume you can use 192.168.120.4 -> 5.
On router B
===========
int fa0/0 (LAN interface)
ip nat inside --> (note this has changed from previous config)
int fa0/1 (WAN interface)
ip nat outside --> (note this has changed from previous config)
ip route 192.168.120.4 255.255.255.252 fa0/1
--> this is needed for return traffic from MasterSW because of the order of NAT/routing in IOS.
ip nat pool TPL 192.168.120.4 192.168.120.5 prefix-length 30
ip nat inside source static tcp 192.168.120.30 80 2.2.2.2 80
ip nat outside source list 101 pool TPL
ip nat pool TPL 192.168.120.4 192.168.120.5 prefix-length 30
access-list 101 permit tcp host 3.3.3.3 host 2.2.2.2 eq 80
Jon
07-07-2009 03:36 AM
David
router B
int fa0/0 (LAN interface)
ip nat outside
int fa0/1 (WAN interface)
ip nat inside
access-list 101 permit ip host 3.3.3.3 host 192.168.120.30
ip nat inside source list 101 interface fa0/0 overload
Jon
07-07-2009 03:49 AM
Thank you for your answer Jon but this not work for me.
The config that you propose need that I try to access directly to the IP of MasterSW (192.168.120.30) but i need access to 2.2.2.2 (http://2.2.2.2) and router B must translate my query to 192.168.120.30:80
07-07-2009 04:42 AM
David
Not what you asked though. Your request was -
"I need that NAT translate my IP (3.3.3.3) into LAN IP of Router B (192.168.120.2) then, MasterSW will see the conection from IP source 192.168.120.2."
and the config supplied does that. However it looks like you also need to access the remote MasterSW on 2.2.2.2.
This complicates the config considerably as there is no way to translate source IP addresses coming in from the outside without a NAT pool (unlike the pix/ASA devices).
So you need at least 2 spare addresses from the 192.168.120.x subnet. Lets assume you can use 192.168.120.4 -> 5.
On router B
===========
int fa0/0 (LAN interface)
ip nat inside --> (note this has changed from previous config)
int fa0/1 (WAN interface)
ip nat outside --> (note this has changed from previous config)
ip route 192.168.120.4 255.255.255.252 fa0/1
--> this is needed for return traffic from MasterSW because of the order of NAT/routing in IOS.
ip nat pool TPL 192.168.120.4 192.168.120.5 prefix-length 30
ip nat inside source static tcp 192.168.120.30 80 2.2.2.2 80
ip nat outside source list 101 pool TPL
ip nat pool TPL 192.168.120.4 192.168.120.5 prefix-length 30
access-list 101 permit tcp host 3.3.3.3 host 2.2.2.2 eq 80
Jon
07-07-2009 06:24 AM
Sorry for the inconvenients Jon. My english is not so good as i would like :)
This config works perfectly, Thank you for your help
07-07-2009 06:43 AM
David
No problem, glad to have helped.
PS. - your English seems fine to me !
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: