SSH not working witrh dynamic NAT

pankajs · ‎11-10-2005

A UNIX m/c only allows only SSH connection. To reach this server we need to source NAT. If we do static NAT then we are able to SSH into the UNIX server. But if we use dynamic NAT then we are not able to SSH to the same server. Please suggest!!

lgijssel · ‎11-10-2005

That is how it works with all systems that must be reachable behind a natting router or firewall.

Regardless of whether it's telnet, smtp or you name it, you must forward the port statically.

You can use both static and dynamic nat together though by using the command:

ip nat inside source static tcp/udp ....

This forwards only a single port, leaving the rest available for dynamic nat.

Regards,

Leo

pankajs · ‎11-10-2005

I have been trying this in a test lab. I am using a router.

UNIX server is behind interface e1. And all the clients are on interface e 0.

Following is the configuration that doesn't work for SSH only.

interface e 0

ip address 10.10.10.254 255.255.255.0

ip nat inside

interface e 1

ip address 172.16.130.1 255.255.255.0

ip nat outside

ip nat inside source list 1 pool test

ip nat pool test 172.16.131.2 172.16.131.200 netmask 255.255.255.0

access-list 1 permit 10.10.10.0 0.0.0.255

The following NAT configuration works for SSH:

interface e 0

ip address 10.10.10.254 255.255.255.0

ip nat inside

interface e 1

ip address 172.16.130.1 255.255.255.0

ip nat outside

ip nat inside source static 10.10.10.1 172.16.131.2

I have to do this statically for all the inside IPs.

Also I am not specifically concerned for SSH traffic. As I have to do it for all the traffic. But for some reason only SSH doesn't work.

lgijssel · ‎11-10-2005

Does your UX host have a route to network 172.16.131.0?

pankajs · ‎11-10-2005

yes, it has a route back.