I think NAT is what I'm looking for here. But, maybe someone could help me out with this.
In a remote location we have an ISR4331 (*+ a C3650 Switch), which is connected back to HQ (*where I am located) on MPLS link via BGP. Also, this remote location has a Local Broadband router connected for Internet access. If I remote desktop to a PC in the remote location I am able to access the local broadband router's Admin GUI via a web browser. But, if I try to reach it from HQ, I cannot get there.
I believe the issue is that the broadband router does not see me as a LAN device connected to that router so it isn't letting me on. All the local addresses in that location are natted to be 10.77.3.2, going off the "show ip nat translations" command.
The interface connecting the local broadband router to the ISR is configured like so:
! ***Broadband Router interface on ISR4331***
interface GigabitEthernet0/0/2
 description Uplink to Broadband Modem
 ip address 10.77.3.2 255.255.255.0
 ip nat outside
 zone-member security INTERNET
!
! ***MPLS Interface***
interface GigabitEthernet0/0/1
 description Private MPLS
 ip address <removed>
 zone-member security WAN
 speed 100
 no negotiation auto
!
! ***Interface/Sub-Interfaces facing the 3650 Switch***
interface GigabitEthernet0/0/0
 description Inside Interface to Switch
 no ip address
 speed 100
 no negotiation auto
 spanning-tree portfast disable
!
interface GigabitEthernet0/0/0.1
 description Data/PCs
 encapsulation dot1Q 1 native
 ip address 10.7.1.1 255.255.255.0
 ip nat inside
 zone-member security INSIDE
!
interface GigabitEthernet0/0/0.2
 description IP Phones
 encapsulation dot1Q 2
 ip address 10.7.2.1 255.255.255.0
 zone-member security INSIDE
!
*There's a couple of other Sub-Interfaces on Gi0/0/0 for different Wi-Fi Networks as well...
Now, I am able to ping from the HQ to 10.77.3.2, but I cannot ping the Broadband Router's LAN address, which is 10.77.3.1.
Also, running a traceroute from my PC in the HQ to 10.77.3.1 appears to stop at the MPLS interface address for Gi0/0/1.
Would setting up a NAT make me be able to access the Modem from the HQ?
Based on your description of the issue I am not sure that it is an issue with address translation. I can think of a few things that might be the reason why you are having problems accessing the broadband router from HQ:
1) Is it possible that the broadband router has a security policy that accepts access from addresses that are "local" but not from addresses that are "remote"? Can you check that broadband router for any security policies that restrict access to it?
2) Is it possible that the broadband router receives your IP packet requesting access and attempts to respond, but tries to send the response using its outside interface rather than by using the interface from which the request arrived?
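The two possibilities in the reply above, modelled as an added Python example that is not part of the original thread. Only 10.77.3.0/24 and 10.77.3.2 come from the post; the broadband router's routing table, the local-only policy flag and the HQ address 10.1.1.50 are assumptions constructed for illustration.

```python
import ipaddress

LAN = "10.77.3.0/24"  # broadband router LAN subnet, from the post
# Assumed routing table of the broadband router (not shown in the post):
# its connected LAN plus a default route out of its Internet-facing port.
BROADBAND_ROUTES = [(LAN, "lan"), ("0.0.0.0/0", "wan")]


def egress(dst, routes=BROADBAND_ROUTES):
    """Longest-prefix match: interface a reply to dst would leave on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, ifc in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ifc)
    return best[1] if best else None


def admin_gui_reachable(src, local_only_policy=True, routes=BROADBAND_ROUTES):
    """Evaluate a request to the admin GUI that arrives with source src.

    Check 1 is possibility 1 (a policy that accepts only local sources).
    Check 2 is possibility 2 (the reply is routed out the outside interface).
    """
    addr = ipaddress.ip_address(src)
    if local_only_policy and addr not in ipaddress.ip_network(LAN):
        return False, "policy: source is not a local LAN address"
    if egress(src, routes) != "lan":
        return False, "return path: reply leaves via the outside interface"
    return True, "reply returns on the LAN interface"


if __name__ == "__main__":
    # Constructed sample sources as the broadband router would see them.
    samples = {
        "remote-site PC, translated by the ISR": "10.77.3.2",
        "HQ PC, untranslated (assumed address)": "10.1.1.50",
    }
    for label, src in samples.items():
        for policy in (True, False):
            ok, why = admin_gui_reachable(src, local_only_policy=policy)
            print(f"{label:40} policy={policy!s:5} -> {ok}: {why}")
```

In this model a source of 10.77.3.2 passes both checks, while an untranslated HQ source fails the policy check and, with the policy disabled, still fails on the return path unless the broadband router has a route for that network pointing back at the ISR.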