Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to access Wan IP by nat

Dear friends,

I have a very small diagram regrding natting. R1<->R2, R2<->R3. I have configured static nat on the R2 router.

R1------------------------------------------R2-----------------------------------------------------R3  200.1.1.1

   f0/0-10.1.1.1                   10.2   f0/0-20.1                                      20.2

Configuration Below:

ip nat inside source static tcp 10.1.1.1 1080 10.1.1.5 23 extendable

If I want to access R3's loop back address how I will access and from R3 how I will access to R1.

Ex: Telnet 200.1.1.1 like this

And what is the use of Extendable here????????

Please help!!!!!

Regrads,

Sanjib

5 REPLIES
Hall of Fame Super Blue

Re: How to access Wan IP by nat

Sanjib

From R1 you would just telnet to 200.1.1.1 on R3. R1's IP address will appear as 10.1.1.5 so you need to make sure there is a route on R3 for this IP. If you are using 10.1.1.0/24 between R1 and R2 only R3 would need to have a route for that subnet as R2 is locally connected.

From R3 you telnet to 10.1.1.5 but that would change the port number to 1080 and R1  will not respond in terms of telnettting in.  You could also still telnet to 10.1.1.1 and that would allow telnet.

If you want to telnet to 10.1.1.5 from R3 and still get in then change your NAT statmement to use TCP port 23 on both IPs.

The extendable keyword is used, for example, where you map the same local IP to multiple global IPs and the router needs to do a full translation to keep track of which global IP is being used. So i don't think it is needed in your configuration but i don't have anything to test with to be absolutely sure.

Jon

Community Member

Re: How to access Wan IP by nat

Dear Jon,

I tried to telnet 200.1.1.1 but unable to access:

On R2:

ip nat inside source static tcp 10.1.1.1 1080 20.1.1.5 23

On R1:

R1#telnet 200.1.1.1

Trying 200.1.1.1 ...

% Connection timed out; remote host not responding

Mar  1 00:06:29.855: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:06:29.855: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4

R3(config)#

*Mar  1 00:06:31.835: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:06:31.835: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4

R3(config)#

*Mar  1 00:09:15.931: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:09:15.931: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4

R3(config)#

*Mar  1 00:09:17.903: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:09:17.903: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4

R3(config)#

int f0/0

  ip add 10.1.1.1 255.255.255.0

  no shut

  ip route 0.0.0.0 0.0.0.0 10.1.1.2

int f0/1

  ip nat outside

  int f0/0

  ip nat inside

  exi

  ip route 0.0.0.0 0.0.0.0 20.1.1.1

  int f0/0

  ip add 10.1.1.2 255.255.255.0

  no shut

  int f0/1

  ip add 20.1.1.2 255.255.255.0

  no shut

  exit

  ip nat inside source static 10.1.1.1 1080 20.1.1.5 23

  ip nat inside source static tcp 10.1.1.1 1080 20.1.1.5 23

int f0/0

  ip add 20.1.1.1 255.255.255.0

  no shut

  int l1

  ip add 200.1.1.1 255.255.255.0

  exi

  ip route 20.1.1.5 255.255.255.255 20.1.1.2

R1#telnet 200.1.1.1
Trying 200.1.1.1 ...
% Connection timed out; remote host not responding

On R3:

After debug Enabled:

Mar  1 00:06:29.855: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:06:29.855: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4
R3(config)#
*Mar  1 00:06:31.835: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:06:31.835: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4
R3(config)#
*Mar  1 00:09:15.931: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:09:15.931: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4
R3(config)#
*Mar  1 00:09:17.903: IP: tableid=0, s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:09:17.903: IP: s=10.1.1.1 (FastEthernet0/0), d=200.1.1.1, len 44, rcvd 4
R3(config)#

Nat not working on R2

Please help?????

Configuration on R1:

int f0/0
  ip add 10.1.1.1 255.255.255.0
  no shut
  ip route 0.0.0.0 0.0.0.0 10.1.1.2

Configuration On R2:

int f0/1
  ip nat outside
  int f0/0
  ip nat inside
  exi
  ip route 0.0.0.0 0.0.0.0 20.1.1.1
  int f0/0
  ip add 10.1.1.2 255.255.255.0
  no shut
  int f0/1
  ip add 20.1.1.2 255.255.255.0
  no shut
  exit
  ip nat inside source static tcp 10.1.1.1 1080 20.1.1.5 23

Configuration On R3:

int f0/0
  ip add 20.1.1.1 255.255.255.0
  no shut
  int l1
  ip add 200.1.1.1 255.255.255.0
  exi
 

Hall of Fame Super Blue

Re: How to access Wan IP by nat

Sanjib

My apologies, with this statement -

ip nat inside source static tcp 10.1.1.1 1080 10.1.1.5 23

it will only work from R3 to R1 because you are doing port translation and so when you telnet from R1 unless the source port is 1080 then the NAT is not applied.

If you want to telnet both ways then you need to change your NAT statement, so remove the ones you have and add this -

ip nat inside source static 10.1.1.1 10.1.1.5

this NAT statement will allow you to telnet both ways and translate the 10.1.1.1 IP to 10.1.1.5.

Jon      

Community Member

Re: How to access Wan IP by nat

Dear Jon,

Still it is not working from R3 to R1...

R3#telnet 20.1.1.5

Trying 20.1.1.5 ...

% Connection refused by remote host

Nat Configuration on R2:

R2(config)#ip nat inside source static tcp 10.1.1.1   1080   20.1.1.5   23

Is there any method to change the source port while accessing any other device????

And how to access R3 from R1 by using port address translation like above statement.

Please help Jon!!!

Regards,

Sanjib

Hall of Fame Super Blue

Re: How to access Wan IP by nat

Sanjib

I'm trying to help but you need to read what i am saying. You cannot use the NAT statement you have because telnet is port 23 but you are changing it to port 1080 which is not telnet so R1 won't answer. If you want to only telnet from R3 to R1 -

ip nat inside source static tcp 10.1.1.1 23 20.1.1.5 23

but that would then not work it you telnet from R1 to R3 because the source port will not be 23 so the NAT translation will not take effect.. If you want to telnet both ways then you need to remove the ports from yout NAT statement -

ip nat inside source static 10.1.1.1 20.1.1.5

If you wanted to access R3 by using port address translation you would need to specify the source port. I don't think is possible with IOS. The use of port forwarding in IOS is used generally from outside to inside and not the other way round.

Jon

395
Views
8
Helpful
5
Replies
CreatePlease to create content