I have a Cisco router with 2 WAN interfaces. (All of the addresses are global public addresses, none of them are private.)
Dialer0 (WAN 1) - IP address for this case is 10.10.10.10/32.
FastEthernet4 (WAN 2) - IP address for this case is 184.108.40.206/30.
Interface Vlan1 - IP address is 220.127.116.11/29. (These are global IP addresses - not private.)
My default route is 0.0.0.0/0 -> FastEthernet4 18.104.22.168.
I have port forwarding:
ip nat inside source static tcp 22.214.171.124 3389 10.10.10.10 3389
ip nat outside
ip nat inside
My problem is that when I try RDP to 10.10.10.10 from the internet, I get the NAT translation to -> 126.96.36.199 on 3389 tcp,
but on the back route from the destination to the source, when the packet comes to the router it searches for the default route (because there is no specific route to this source from the internet) and it goes through FastEthernet4, which has no ip nat outside, and the session won't close.
BTW, I can configure ip nat outside on Fast4, but I want to be able to RDP to the host with the 10.10.10.10 IP and with the 188.8.131.52 IP.
When I RDP to 10.10.10.10 it will go through Dialer0, and when I RDP to 184.108.40.206 it will go through the Ethernet.
How can I make the router take the flow that comes from the dialer and send it back to the dialer where it came from, and not through the default route?
(The source IP from the internet which creates the session always changes, so I can't configure a PBR on Vlan1.)
That is a great idea actually.
I will then NAT the destination of the dialer to the host, and NAT the source to another IP address (x.x.x.x) and then route it to the dialer. That sounds good.
How does the command's syntax go?
I already have ip nat inside source static tcp y.y.y.y 3389 interface Dialer0 3389
What else should I do for this?
(int vlan 1 - ip nat inside - the host)
(int dialer0 - ip nat outside - WAN 1)
I will then have to configure the outside global IP address manually, won't I?
And I don't know it, it always changes.
Correct me if I'm wrong.
Actually you can get away with NATing only the source addresses incoming from the dialer interface to, say, 10.200.x.x/16. Incoming sources from the Ethernet interface can still go out the same way.
The solution would work only if de-NAT occurs AFTER the routing decision has taken place in the router's logic flow.
You'll have to use 'ip nat outside source' for NAT. This link may be helpful:
This is very helpful and very interesting (I didn't know about the add-route command after ip nat outside).
I'll try it tomorrow and update.
Thanks a lot for now.
OK Rais, thank you very much. It worked.
Thank you for your great help.
BTW, the add-route command after the NAT outside didn't work, so I had to make a PBR for that.
Do you have any idea why it didn't add it to the routing table?
As you can see here:
220.127.116.11 - global outside
10.99.99.1 - outside local
The NAT takes place but the route doesn't.
ip nat outside source list SOURCE pool NATPOOL add-route
ip access-list extended SOURCE
permit tcp any host 18.104.22.168 eq 3389
ip nat pool NATPOOL 10.99.99.1 10.99.99.255 netmask 255.255.255.0
dodimat#sh ip nat translations | i 10.99.99
--- --- --- 10.99.99.1 22.214.171.124
tcp 126.96.36.199:3389 188.8.131.52:3389 10.99.99.1:11469 184.108.40.206:11469
dodimat#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 220.127.116.11 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 18.104.22.168, 1d15h
22.214.171.124/8 is variably subnetted, 5 subnets, 3 masks
C 126.96.36.199/32 is directly connected, Dialer0
C 188.8.131.52/29 is directly connected, Vlan1
L 184.108.40.206/32 is directly connected, Vlan1
C 220.127.116.11/30 is directly connected, FastEthernet4
L 18.104.22.168/32 is directly connected, FastEthernet4
22.214.171.124/32 is subnetted, 1 subnets
C 126.96.36.199 is directly connected, Dialer0
And is there any possibility that the router will route the packet back to the interface it came from, without NATting?
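To put the pieces of this thread in one place (the 'ip nat outside source' approach Rais suggested above, and the PBR workaround the poster ended up using when add-route did not install the route), here is a consolidated IOS configuration. It is an added illustration, not the poster's own running config: HOST_IP stands for the internal RDP host (y.y.y.y in the thread), the interface names and the 10.99.99.0/24 pool are taken from the thread, and the ACL and route-map names are my own.

```cisco
! Added example; HOST_IP and the TO-NATPOOL / RETURN-TO-DIALER names are assumptions.
!
! WAN 1: Dialer0 is the NAT outside interface for this flow
interface Dialer0
 ip nat outside
!
! LAN: Vlan1 is NAT inside; the policy route-map catches the host's replies
interface Vlan1
 ip nat inside
 ip policy route-map RETURN-TO-DIALER
!
! 1) Destination NAT: TCP/3389 arriving on Dialer0's address -> internal host
ip nat inside source static tcp HOST_IP 3389 interface Dialer0 3389
!
! 2) Source NAT of the Internet client to a pool address. The host then sees
!    the client as 10.99.99.x, so its replies carry a destination the router
!    can steer back to Dialer0 regardless of which Internet address started
!    the session.
ip access-list extended SOURCE
 permit tcp any host 10.10.10.10 eq 3389
ip nat pool NATPOOL 10.99.99.1 10.99.99.255 netmask 255.255.255.0
ip nat outside source list SOURCE pool NATPOOL add-route
!
! 3) PBR on the LAN side: replies addressed to the pool leave via Dialer0
!    instead of following the default route out FastEthernet4 (the poster
!    reported that add-route alone did not populate the routing table).
ip access-list extended TO-NATPOOL
 permit ip any 10.99.99.0 0.0.0.255
route-map RETURN-TO-DIALER permit 10
 match ip address TO-NATPOOL
 set interface Dialer0
!
! Verification after an RDP session is opened from the Internet:
!   show ip nat translations | include 10.99.99
!   show route-map RETURN-TO-DIALER
```

Two things worth checking once this is in place: 'show route-map' should show a non-zero policy-match count for the route-map as RDP replies flow, and the host's own logs will now record 10.99.99.x rather than the real client address, so the outside-source translation table (the first 'show' command) is the only place the true source of a session is recorded. Keeping that table, or NAT logging, available is what lets a later investigation tie an RDP login on the host back to the Internet address that made it.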
This may be a rather extensive change for your network.
Here is the link. You can think of your two interfaces as customers with 0/0 space.
OK, I know what a VRF is.
But let's say an end customer only has 1 router with 2 WAN interfaces.
How will a VRF on the router help me solve the problem of routing the packet back to the interface it came from?
There are only 3 interfaces.
VLAN1 - LAN.
If I configure
ip vrf forwarding XXX
how will it help me?
You will have to put your servers in at least two vrfs as well and exchange vpnv4 routes.
Message was edited by: RAIS AHMAD