Here is the problem I'm looking to crack:
I have multiple remote sites connected back into my infrastructure via satellite. I'm building a GRE tunnel accross this satellite infrustructure to my user's routers. I'm using EIGRP through these tunnels and everything is working great as far as connectivity to my users is concerned. However, with each of these packages, I would like to be able to remotely manage the satellite modem. My problem is that these modems all have the same web management IP address (192.168.1.1:80) and I can't change them. I thought to myself, "too easy, this sounds like an excellant case for NAT!" Either I'm tackling this thing all wrong or something because I can't seem to get it to work. Here is what I've so far (IPs modified and extra info cut):
description Tunnel back Home
ip add 10.10.10.10 xxx.xxx.xxx.xxx
IP NAT OUTSIDE
ip nhrp xxx.xxx.x.x.x
int vlan 120
description Sat Modem (not in EIGRP table)
ip add 192.168.1.2 255.255.255.252
IP NAT INSIDE
int fa 0/1/7
switchport access vlan 120
ip nat inside source static tcp 192.168.1.1 80 interface t0 80
The remote router can now ping the dish so I know vlan connectivity is up. If I try to web into the modem using the t0 interface IP (10.10.10.10) from Home station (ex 172.16.1.0 network), I can watch the NAT translations build on the remote router. Something to the affect of this populates the nat translation table:
10.10.10.10:80 192.168.1.1:80 172.16.1.1:56123 172.16.1.1:56123
10.10.10.10:80 192.168.1.1:80 172.16.1.1:56155 172.16.1.1:56155
However, the webpage never loads. Its like NAT is working in one direction but not the other. I can't quite explain it. Any help or insight would be greatly appreciated. Thanks..
!!! Progress !!!
It turns out my NAT configuration was working wonderfully. I plugged in a laptop to simulate the modem management interface, installed a webserver, and then fired up wireshark to see what was hitting it. It turns out that when I tried to hit the remote computer from my home station network, everything displayed!! It only took about a second or two for the AAHHHAA moment to sink in when I realized that the modem that I was trying to access didn't understand default gateways like my computer does. It doesn't even have a setting for it. It only has an IP and mask. So now I have to figure out how to add a device to a network that doesn't understand gateways!!
So I've got a 95% solution. I contacted the manufacturer of the satellite system I was trying to monitor and sweet talked them until they gave me the linux password that runs the whole thing. Logging in I ran a command to manually add a default route (route add default gw 192.168.1.2 eth0) and everything is working!! So now from my anywhere on my network, I can remotely log into my system to check its stats / receive levels. The reason I said 95% solution is that after a power cycle, the unit no longer remembers the gateway address since I manually entered it. I tried modifying some of the config files so that it would be there upon bootup but no joy as of yet. I'm confident though after all of the work I've done so far, I'll crack the last 5%. Thanks for all your advice.