Telnet connection to hosts with the same ip address

gheorghefaur
Level 1

Hi,

I'm trying to set up a test network with a topology like the one in the attached picture.

Hosts H1 to H6 have the same IP address (192.168.1.1/24) and no other routes (they are able to see only hosts in the same subnet). Those hosts are connected via a 1811 router to a PC. The PC should be able to telnet to each host, and each host should be able to FTP to the PC. I tried to put them in separate VRFs and to do NAT, but it didn't work. IP addressing on the router or on the PC doesn't matter.

Any idea how that can be done?

Thanks,

Yuti

NAT VRF

7 Replies

Giuseppe Larosa
Hall of Fame

Hello Yuti,

You should post your configurations.

Have you checked

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_vrf_aware_fwall.html#wp1049170

Is the PC on the right in the global routing table or in a VRF?

It makes a difference.

Hope to help

Giuseppe

Hi Giuseppe,

Thanks for your reply. I didn't post any config and I don't have any requirement regarding which routing table the PC is in. So as not to confuse people: the configuration of the router and the PC really doesn't matter as long as the requirements are met (the PC is able to telnet to the hosts, and the hosts are able to FTP to the PC).

Thanks again,

Yuti

Hello Yuti,

My understanding is that VRF-aware NAT has some limitations and is thought to perform NAT between a VRF and an interface in the global routing table.

If so, where the PC on the right is connected makes the difference.

See the link in my first post; it should contain notes about the limitations of VRF-aware NAT.

Hope to help

Giuseppe

Peter010101
Level 1

"IP addressing on the router or on the PC doesn't matter."

Change the IP addresses on the router and the hosts.

router = 192.168.1.1/24

h1 = 192.168.1.5 /24

h2 = 192.168.1.6 /24

h3 = 192.168.1.7 /24

h4 = 192.168.1.8 /24

h5 = 192.168.1.9 /24

h6 = 192.168.1.10 /24

Maybe I wasn't clear enough: any IP address and any technology (NAT, route-maps, etc.) can be used on the router, but not on H1...H6. H1, H2, ... H6 should have the same IP address (192.168.1.1/24) and don't have any route. For example, I placed them in separate VRFs and I tried to NAT them in each VRF, but I can't accomplish the requirement. For example, if I place them on the inside, then the replies of H1...H6 don't have a route to the initiator of the connection.

Thanks,

OK, I finally found a solution and I'm posting it; maybe someone will need this unusual configuration. I put H1...H6 in different VRFs, I NAT them on the inside, and I redistribute routes between the VRFs (config attached).

What is strange (for me :)) is that I used Cisco routers to simulate H1 to H6, with IP routing disabled and without a default gateway set. What is unexpected for me is that even though H1...H6 don't have a default gateway set, they are still able to reply to hosts in a different subnet. With IP routing enabled, they show the behavior I expected: they are able to reply only to hosts in the same subnet... Thanks again to the people who tried to help me!

NAT VRF Route-leaking

Thanks for the post
