Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Can i NAT 2 Public IPs to a single terminal server in a LAN

I have a 1900 series router and 2 DSL Lines. The client wants Remote Desktop access to both the 2 public static IPs provided by the ISP to the terminal server in the LAN. The following configurations are not working. Help required urgently.

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

ppp authentication pap callin

ppp pap sent-username <> password 0 <>

!

interface Dialer2

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 2

ppp authentication pap callin

ppp pap sent-username <> password 0 <>

!

ip nat inside source list 101 interface Dialer1 overload

ip nat inside source list 110 interface Dialer2 overload

ip nat inside source static tcp 192.168.2.x 3389 77.x.x.x 3389 extendable

ip nat inside source static udp 192.168.2.x 3389 77.x.x.x 3389 extendable

ip nat inside source static tcp 192.168.2.x 3389 217.17.x.x 3389 extendable

ip nat inside source static udp 192.168.2.x 3389 217.17.x.x 3389 extendable

ip route 0.0.0.0 0.0.0.0 Dialer2

!

access-list 101 permit tcp host 192.168.2.x any eq 3389

access-list 101 permit udp host 192.168.2.x any eq 3389

access-list 110 permit ip any any

The 192.168.2.x is the Terminal server IP and the 77.x.x.x and 217.17.x.x are the Public IPs and 3389 is the port number that the public IPs are statically mapped.

  • Remote Access
2 REPLIES

Re: Can i NAT 2 Public IPs to a single terminal server in a LAN

confused, your dialer interfaces say "ip address negotiated"?

Sent from Cisco Technical Support iPad App

Re: Can i NAT 2 Public IPs to a single terminal server in a LAN

The ISP provided with 2 static IPs for each individual link. If I put in the IP address given by the ISP then the subnet mask that is actually assigned to the IPs which is /32 is not acceptable to this dialer interface stating as a bad mask. Thats the reason I had put in as "ip address negotiated". But this is not creating any issue because if I go to the output for "sh ip int br" the dialers are getting the proper IP address that was given by the ISP with the proper /32 through IPCP.

702
Views
0
Helpful
2
Replies