02-17-2023 01:37 PM
Dear community members,
I need to ask you about a way to do something that does not usually happen. Assume I have a device where the IP-Address is set statically to e.g., 192.178.20.6. In production use, only one of such devices is needed. For testing purposes, I have to run several of those devices at the same time. And now the problems come in. I'm NOT ABLE to change any hardware settings of the devices, including the static IP-Address they are listening on, as mentioned above.
So my question is basically: what is the best possible way (if one exists) with a Cisco Router or Switch to translate the IP-Address, based on the connected port (or MAC-Address maybe), so that I can access the devices from outside via different IP-Addresses (e.g. .20.7 .20.8 ...). Is there any casting method to translate the Address?
Thank you for your help!
02-17-2023 02:00 PM
As I understand it, if you are not able to change it, then you can do 1-to-1 NAT based on the IP address.
02-17-2023 04:02 PM
@balaji.bandi NAT suggestion should work, although I believe each of your same IP hosts would need to be behind its "own" NAT device.
02-20-2023 07:11 AM
Is there no possibility to map a specific IP-Address to an interface on the router?
02-20-2023 08:06 AM
Not to accomplish what you want to do, at least as far as I know of.
02-20-2023 08:15 AM
https://community.cisco.com/t5/switching/multiple-machines-with-same-ip-address/td-p/1946052
In this community entry, a user wrote about a NAT-Device. I think it's a solution in our case, but what kind of devices are such NAT-Devices? Are there some handy small devices, or do I have to take a router?
02-20-2023 09:56 AM
Typically, a "NAT-Device" would be a router.
That noted, used 800 series ISRs (about $125 USD) might do the job, or, possibly even less expensive, might be some "home routers" (but they might want the backside client to take a DHCP IP from them).
02-20-2023 09:53 AM
I think he wants to access different devices via telnet using the same public IP.
You can do that with
line vty 0 4
rotary <<- use different rotary in each device
Then, in the router that is NATing the private IP to the public IP, you need to configure NAT:
30<rotary number> + Public IP --> 23 Private IP
This way you can use the same single public IP to access many private IPs.
02-20-2023 10:54 AM
Interesting approach. Something you can lab up?
02-20-2023 10:57 AM
Sure friend,
I will lab it and share the result within one hour.
02-20-2023 11:34 AM - edited 02-20-2023 11:35 AM
This is the lab, as my friend @Joseph W. Doherty requested.
I am using the same IP to access R3 and R4 via telnet rotary 3001 and 3002.
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
ip nat outside
duplex full
!
interface FastEthernet1/0
ip address 10.0.0.1 255.255.255.0
ip nat inside
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip nat inside source static tcp 10.0.0.3 23 100.0.0.10 3001 extendable
ip nat inside source static tcp 10.0.0.4 23 100.0.0.10 3002 extendable
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
R1#
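Added example, not part of the original post or of any Cisco tooling: a small Python audit over static PAT lines like the two in the R1 config above, listing which outside address:port pairs publish a cleartext service such as telnet and whether two rules claim the same outside endpoint. The sample config is constructed; its third rule (10.0.0.5, port 22) is hypothetical and is there only to trigger the collision check.

```python
import re
from collections import Counter

# Constructed sample: the two static PAT lines from the lab config above,
# plus one hypothetical rule that reuses outside port 3002 (a collision).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 100.0.0.1 255.255.255.0
 ip nat outside
!
ip nat inside source static tcp 10.0.0.3 23 100.0.0.10 3001 extendable
ip nat inside source static tcp 10.0.0.4 23 100.0.0.10 3002 extendable
ip nat inside source static tcp 10.0.0.5 22 100.0.0.10 3002 extendable
"""

# Fields: protocol, inside IP, inside port, outside IP, outside port.
PAT_RE = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\S+) (\d+) (\S+) (\d+)", re.MULTILINE)

# Inside services that carry credentials or data unencrypted.
CLEARTEXT_PORTS = {("tcp", 23): "telnet", ("tcp", 21): "ftp", ("tcp", 80): "http"}

def parse_static_pat(config):
    """Return one dict per static PAT rule found in the config text."""
    return [
        {"proto": p, "local": (lip, int(lport)), "global": (gip, int(gport))}
        for p, lip, lport, gip, gport in PAT_RE.findall(config)
    ]

def audit(rules):
    """Return (kind, detail) findings for the parsed rules."""
    findings = []
    for r in rules:
        (lip, lport), (gip, gport) = r["local"], r["global"]
        service = CLEARTEXT_PORTS.get((r["proto"], lport))
        if service:  # a cleartext service is reachable from the outside side
            findings.append(("cleartext-exposed",
                             f"{gip}:{gport} -> {lip}:{lport} ({service})"))
    seen = Counter((r["proto"], r["global"]) for r in rules)
    for (proto, (gip, gport)), count in seen.items():
        if count > 1:  # two rules claim the same outside endpoint
            findings.append(("global-port-collision",
                             f"{proto} {gip}:{gport} used by {count} rules"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(parse_static_pat(SAMPLE_CONFIG)):
        print(f"{kind}: {detail}")
```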
02-20-2023 12:12 PM - edited 02-20-2023 12:20 PM
I don't believe this will support what the OP is trying to achieve, assuming I correctly understand what OP is trying to achieve and also assuming I correctly understand what you've done.
For starters, although OP didn't discuss port usage (or only using telnet), I've been presuming OP wants to access multiple hosts, using different IPs, but using the same port numbers.
For example consider:
testing system <> system being tested
testing system <> system being tested
testing system <> system being tested
Where the testing system is just one physical system, but the systems being tested are multiple physical systems, all using the same IP (and possibly the same app ports).
Your approach, mentioning using a dialer, started me wondering whether VRFs might be used.
We can certainly have multiple systems being tested, each in their own VRF, using the same IP.
Might it be possible we could map a single testing system to appear with different IPs (NAT) then PBR to a different VRF based on testing system NATed IP?
I don't know the answer. Not something I've ever tried, especially if we're limited to one Cisco device, but perhaps with two?
E.g. testing system (192.168.1.1) <inside> RTR[NAT] <outside> (192.168.2.1..254) <PBR> L3SW <VRFs> (1..254) systems being tested (192.178.20.6)
02-20-2023 12:18 PM
so that I can access the devices from outside <<<- he mentions that he wants to access the device from outside; I took telnet as an example.
You can do the same for SSH: instead of using the known port you can use any port, and in the NATing router you will NAT the unknown port to the known port for the specific device.
As for VRF, he doesn't mention using VRF, and from my experience there is some bug with using static PAT with VRF.
Anyway, if he also wants VRF I will try to lab it, if my router image supports VRF-aware static.
02-20-2023 12:24 PM
So let me clarify what I want. The basic idea is that two computers which are running the same static IP configuration, as you can see in the picture, need to have external IPs that differ. If the Admin-PC wants to connect to the services the working PCs are running, it reaches, e.g., the first PC at the address 192.168.20.7 and the second PC at the address 192.168.20.8.
So all traffic sent to 192.168.20.7 should end up on PC1 (interface G0/1 in this case), even if it usually listens on the 192.168.20.6 address. Same with PC2.
But how can I configure that? There should be a possibility in IOS...
02-20-2023 12:25 PM
By "from outside" I meant the part on the administrative side of the connecting device (router or switch).