cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1132
Views
0
Helpful
2
Replies

Using NAT for remote management

j_wellman2005
Level 1
Level 1

Here is the problem I'm looking to crack:

I have multiple remote sites connected back into my infrastructure via satellite.  I'm building a GRE tunnel accross this satellite infrustructure to my user's routers.  I'm using EIGRP through these tunnels and everything is working great as far as connectivity to my users is concerned.  However, with each of these packages, I would like to be able to remotely manage the satellite modem.  My problem is that these modems all have the same web management IP address (192.168.1.1:80) and I can't change them.  I thought to myself, "too easy, this sounds like an excellant case for NAT!"  Either I'm tackling this thing all wrong or something because I can't seem to get it to work.  Here is what I've so far (IPs modified and extra info cut):

int t0

description Tunnel back Home

ip add 10.10.10.10 xxx.xxx.xxx.xxx

IP NAT OUTSIDE

ip nhrp xxx.xxx.x.x.x

.

.

.

int vlan 120

description Sat Modem (not in EIGRP table)

ip add 192.168.1.2 255.255.255.252

IP NAT INSIDE

int fa 0/1/7

switchport access vlan 120

ip nat inside source static tcp 192.168.1.1 80 interface t0 80

The remote router can now ping the dish so I know vlan connectivity is up.  If I try to web into the modem using the t0 interface IP (10.10.10.10) from Home station (ex 172.16.1.0 network), I can watch the NAT translations build on the remote router.  Something to the affect of this populates the nat translation table:

     10.10.10.10:80     192.168.1.1:80     172.16.1.1:56123     172.16.1.1:56123

     10.10.10.10:80     192.168.1.1:80     172.16.1.1:56155     172.16.1.1:56155

However, the webpage never loads.  Its like NAT is working in one direction but not the other.  I can't quite explain it.  Any help or insight would be greatly appreciated.  Thanks..

Josh

2 Replies 2

j_wellman2005
Level 1
Level 1

!!! Progress !!!

It turns out my NAT configuration was working wonderfully. I plugged in a laptop to simulate the modem management interface, installed a webserver, and then fired up wireshark to see what was hitting it. It turns out that when I tried to hit the remote computer from my home station network, everything displayed!! It only took about a second or two for the AAHHHAA moment to sink in when I realized that the modem that I was trying to access didn't understand default gateways like my computer does. It doesn't even have a setting for it. It only has an IP and mask. So now I have to figure out how to add a device to a network that doesn't understand gateways!!

Josh

So I've got a 95% solution.  I contacted the manufacturer of the  satellite system I was trying to monitor and sweet talked them until  they gave me the linux password that runs the whole thing.  Logging in I  ran a command to manually add a default route (route add default gw  192.168.1.2 eth0) and everything is working!!  So now from my anywhere  on my network, I can remotely log into my system to check its stats /  receive levels.  The reason I said 95% solution is that after a power  cycle, the unit no longer remembers the gateway address since I manually  entered it.  I tried modifying some of the config files so that it  would be there upon bootup but no joy as of yet.  I'm confident though  after all of the work I've done so far, I'll crack the last 5%.  Thanks  for all your advice.

Josh

Review Cisco Networking for a $25 gift card