Nat for backdoor

david.sua
Level 1

Hi all,

I'm trying to set up a backdoor to access a PDU when the first link is down.

I am sure that it is possible to do it with NAT but I can't configure it.

In the attachment there is a drawing of my scenario; access through Router A is possible without problems via static NAT.

My problem starts when I try to access via HTTP through Router B (2.2.2.2). The MasterSW sends packets to its default gateway so the connection can't work.

I need NAT to translate my IP (3.3.3.3) into the LAN IP of Router B (192.168.120.2); then MasterSW will see the connection from source IP 192.168.120.2.

Is this possible? Can somebody give me a clue for the config?

Thanks in advance

Jon Marshall
Hall of Fame

David

Router B

! LAN interface
int fa0/0
 ip nat outside
! WAN interface
int fa0/1
 ip nat inside
!
access-list 101 permit ip host 3.3.3.3 host 192.168.120.30
ip nat inside source list 101 interface fa0/0 overload

Jon

Thank you for your answer Jon, but this does not work for me.

The config that you propose requires that I access the IP of MasterSW (192.168.120.30) directly, but I need to access 2.2.2.2 (http://2.2.2.2) and router B must translate my query to 192.168.120.30:80

David

Not what you asked though. Your request was -

"I need NAT to translate my IP (3.3.3.3) into the LAN IP of Router B (192.168.120.2); then MasterSW will see the connection from source IP 192.168.120.2."

and the config supplied does that. However it looks like you also need to access the remote MasterSW on 2.2.2.2.

This complicates the config considerably as there is no way to translate source IP addresses coming in from the outside without a NAT pool (unlike the PIX/ASA devices).

So you need at least 2 spare addresses from the 192.168.120.x subnet. Let's assume you can use 192.168.120.4 -> 5.

On router B

===========

! LAN interface (note: this has changed from the previous config)
int fa0/0
 ip nat inside
! WAN interface (note: this has changed from the previous config)
int fa0/1
 ip nat outside
!
! This route is needed for return traffic from MasterSW because of the order of NAT/routing in IOS.
ip route 192.168.120.4 255.255.255.252 fa0/1
!
ip nat pool TPL 192.168.120.4 192.168.120.5 prefix-length 30
ip nat inside source static tcp 192.168.120.30 80 2.2.2.2 80
ip nat outside source list 101 pool TPL
access-list 101 permit tcp host 3.3.3.3 host 2.2.2.2 eq 80

Jon
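
An added illustration, not part of either poster's replies: a small Python model of the address rewriting Router B performs with the configuration above, and of the next-hop choice MasterSW makes for its reply. The /24 mask, the default-gateway address 192.168.120.1 and the pool address handed out (192.168.120.5) are assumptions; the thread does not state them.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.120.0/24")  # assumed mask; thread says "192.168.120.x"
DEFAULT_GW = "192.168.120.1"   # hypothetical Router A LAN address, not given in the thread
POOL_ADDR = "192.168.120.5"    # assumed allocation from pool TPL
MASTER_SW = "192.168.120.30"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def router_b_inbound(pkt, source_nat=True):
    """Outside -> inside on Router B, mirroring the two NAT statements."""
    # ip nat outside source list 101 pool TPL:
    # only tcp 3.3.3.3 -> 2.2.2.2 eq 80 gets its source rewritten.
    if source_nat and (pkt.src, pkt.dst, pkt.dport) == ("3.3.3.3", "2.2.2.2", 80):
        pkt = replace(pkt, src=POOL_ADDR)
    # ip nat inside source static tcp 192.168.120.30 80 2.2.2.2 80:
    # port forward, applied to any source that reaches 2.2.2.2:80.
    if (pkt.dst, pkt.dport) == ("2.2.2.2", 80):
        pkt = replace(pkt, dst=MASTER_SW)
    return pkt

def reply_next_hop(pkt):
    """Where MasterSW sends its reply: directly if the peer is on-link,
    otherwise to its default gateway (the behaviour described in the question)."""
    peer = ipaddress.ip_address(pkt.src)
    return "on-link" if peer in LAN else DEFAULT_GW

if __name__ == "__main__":
    cases = [
        ("port forward only", Packet("3.3.3.3", "2.2.2.2", 80), False),
        ("port forward + outside source NAT", Packet("3.3.3.3", "2.2.2.2", 80), True),
        ("source not in access-list 101", Packet("4.4.4.4", "2.2.2.2", 80), True),
    ]
    for label, pkt, snat in cases:
        seen = router_b_inbound(pkt, source_nat=snat)
        print(f"{label}: MasterSW sees {seen.src} -> {seen.dst}:{seen.dport}, "
              f"reply goes {reply_next_hop(seen)}")
```

The third case shows that access-list 101 scopes only the source translation: the static port forward itself is not limited to 3.3.3.3, so restricting who can reach 2.2.2.2:80 needs a separate inbound ACL on the WAN interface.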

Sorry for the inconvenience, Jon. My English is not as good as I would like :)

This config works perfectly. Thank you for your help

David

No problem, glad to have helped.

PS - your English seems fine to me!

Jon
