03-22-2013 02:31 PM - edited 03-04-2019 07:22 PM
I have a small LAN (10.0.0.0) with a Cisco gateway router as the gateway. My users are remote and they are required to use RDP to log in to our systems, and this is working fine.
However, I have a group of users that are located at a very far distance, and when they connect through RDP the ping is very high (high latency) and thus some applications they are required to use do not function properly.
I want to put a second router close to the users at the far distance so that their traffic is routed to the second router and redirected to the LAN router by the ISP using its backbone route, hence reducing the latency.
Here is what my scenario looks like:
Let's say my main network router is R1 and the second router I want to put at the remote location is R2.
Remote user----------------(InternetRDP/http)--------(1.1.1.1)R2------------------Internet-----------------------------------------(2.2.2.2)R1-----------Lan(10.0.0.0)
The remote user accesses 1.1.1.2 (internet IP address of R2) through the internet and is automatically redirected to R1 (2.2.2.2, internet IP of R1).
At R2, 1.1.1.1 is automatically translated to 2.2.2.2 without the user having to actually log in to R2 and then trying to access R1.
R1 does the regular NAT to direct traffic to the relevant LAN server.
I have attempted to use VPN on a Stick so that the client uses a VPN client to access R2, then the client uses the ISP's address to the internet to access R1, but this requires installing a VPN client on the client, so I am looking at whether there is any other option.
The only reason I want to set up R2 is so that their traffic is boosted by the ISP at R2 and then directed to R1, so I only want it to connect to the ISP router to R2 and no other infrastructure.
Please let me know if there is a better option than VPN on a Stick, especially one that would automatically redirect traffic without the remote user knowing that there is an R1 or having to manually connect to R1.
Accepted Solutions

03-30-2013 08:58 AM
Hello obaid,
I did some testing in this scenario and I was able to create a configuration which will suit your needs.
This is my test topology:
Router R3 is your existing office, router R1 is your new remote office and router R2 is the internet.
The R2 loopback is used as some internet subnet. Now I try to telnet to router R3 via the public IP address of R1. On R3, static NAT 3.3.3.3 -> 172.16.0.1 is configured to simulate a server on the LAN segment.
R2#sh ip int brie
Interface          IP-Address    OK?  Method  Status                 Protocol
FastEthernet0/0    12.0.0.2      YES  manual  up                     up
FastEthernet0/1    23.0.0.2      YES  manual  up                     up
Loopback0          2.2.2.2       YES  manual  up                     up
R2#telnet 1.1.1.1 /sou
R2#telnet 1.1.1.1 /source-interface lo 0
Trying 1.1.1.1 ... Open
User Access Verification
Username: test
Password:
R3>sh ip int brie
Interface          IP-Address    OK?  Method  Status                 Protocol
FastEthernet0/0    23.0.0.3      YES  manual  up                     up
FastEthernet0/1    unassigned    YES  unset   administratively down  down
NVI0               unassigned    NO   unset   up                     up
Loopback0          3.3.3.3       YES  manual  up                     up
Loopback1          172.16.0.1    YES  manual  up                     up
R3>
R3#sh users
    Line       User    Host(s)    Idle       Location
*  0 con 0             idle       00:00:00
  98 vty 0     test    idle       00:00:41   1.1.1.1
R3#sh tcp brie
TCB        Local Address     Foreign Address    (state)
65060BB8   172.16.0.1.23     1.1.1.1.40220      ESTAB
R1#sh ip nat tr
Pro  Inside global    Inside local     Outside local    Outside global
---  ---              ---              1.1.1.1          3.3.3.3
tcp  1.1.1.1:23       1.1.1.1:23       2.2.2.2:40220    2.2.2.2:40220
tcp  1.1.1.1:40220    2.2.2.2:40220    1.1.1.1:23       3.3.3.3:23
R1#
As you can see, after telnetting from the R2 router to the loopback of the R1 router, I am logged in to the R3 router. Hope this will be helpful, I learned a lot during labbing.
Best Regards
Please rate all helpful posts and close solved questions
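
In the capture above, R3 records 1.1.1.1 as the peer (the `sh users` Location and the `sh tcp brie` foreign address), so server-side logs and source-IP ACLs no longer see the real client; that address survives only in R1's NAT table. As an added example (not part of the original post), this Python script parses that translation output and maps the peer R3 sees back to the pre-NAT client; all function names are illustrative.

```python
import ipaddress

# `show ip nat translations` rows copied from the R1 capture in the post.
NAT_TABLE = """\
Pro Inside global Inside local Outside local Outside global
--- --- --- 1.1.1.1 3.3.3.3
tcp 1.1.1.1:23 1.1.1.1:23 2.2.2.2:40220 2.2.2.2:40220
tcp 1.1.1.1:40220 2.2.2.2:40220 1.1.1.1:23 3.3.3.3:23
"""
FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")

def parse_endpoint(token):
    """'1.1.1.1:23' -> ('1.1.1.1', 23); '1.1.1.1' -> ('1.1.1.1', None); '---' -> None."""
    if token == "---":
        return None
    ip, _, port = token.partition(":")
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return (ip, int(port) if port else None)

def parse_nat_table(text):
    """Return one dict per translation row; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue  # header or unrelated line
        row = {"proto": None if parts[0] == "---" else parts[0]}
        row.update(zip(FIELDS, map(parse_endpoint, parts[1:])))
        rows.append(row)
    return rows

def split_tcb_address(token):
    """IOS `show tcp brief` prints ip.port, e.g. '1.1.1.1.40220'."""
    ip, port = token.rsplit(".", 1)
    return (ip, int(port))

def resolve_client(rows, peer):
    """Map the (ip, port) a server sees to the pre-NAT client, or None."""
    for row in rows:
        # Only per-flow entries carry a protocol; the static entry does not.
        if row["proto"] and row["inside_global"] == peer:
            return row["inside_local"]
    return None

if __name__ == "__main__":
    seen_by_server = split_tcb_address("1.1.1.1.40220")  # from R3 `sh tcp brie`
    table = parse_nat_table(NAT_TABLE)
    print(seen_by_server, "->", resolve_client(table, seen_by_server))
```

Dynamic translation entries age out, so this lookup only works against a table captured (or NAT translations logged) while the session was live.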

03-26-2013 05:27 AM
Hello Obaid,
Basically you have described static NAT 1:1, or maybe static port forwarding if you need just some ports. Router R2 will be the gateway between remote users and R1.
Remote users will access the public IP of R2 and will automatically be redirected to R1.
Best Regards
Please rate all helpful posts and close solved questions
03-26-2013 10:25 AM
I know how to do basic static NAT and I have set it up on R1 so that clients can access R1 over the internet (2.2.2.2: 10.0.0.3); my confusion is how to put R2 in the loop.
For R1:
ip name-server 10.0.0.1
interface gi0/0
 ip address 10.0.0.254 255.255.255.0
interface gi0/1
 ip address 2.2.2.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 2.2.2.253
ip nat inside source static 2.2.2.3 10.0.0.2
ip nat inside source static 2.2.2.4 10.0.0.3
R2: (R2 only has one interface, which is connected to the internet)
interface gi0/1
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map Nat-on-Stick
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
access-list 144 permit ip 1.1.1.0 0.0.0.255 any
route-map VPN-Client permit 10
 match ip address 144
 set ip next-hop 10.11.0.2
ip nat inside source static 1.1.1.2 2.2.2.3
ip nat inside source static 1.1.1.3 2.2.2.4
Not sure, but this is what I came up with!

03-27-2013 01:34 AM
Hello,
Try to follow these tutorials to configure NAT on Stick:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
http://www.techrepublic.com/blog/networking/learn-to-configure-cisco-ios-nat-on-a-stick/486
Best Regards
Please rate all helpful posts and close solved questions

03-27-2013 02:48 AM
Hello Obaid,
I am thinking about one more scenario, but I need more information about your setup on R1.
Does the server have more IP addresses? Do you use static NAT 1:1 or just port forwarding?
Based on your answers I think it would be possible to configure GRE tunnels between R1 and R2. Guest users will access the public IP of R2 and their requests will be forwarded via the GRE tunnel to R1 and your server.
Best Regards
Please rate all helpful posts and close solved questions
03-27-2013 11:10 AM
Hello blau grana,
I have about 15 servers on R1's LAN and each has its own internal/external IP, i.e. I have static NAT for each server to be accessed.
I don't have that much experience, but my fear is that adding a GRE tunnel between R1 and R2 might just increase the latency much further, as that is the main concern I have.
I had set up an alternate solution, i.e. VPN on a Stick, so that a remote client sets up a VPN with R2 and then the VPN traffic accesses R1 over the internet, but in this case too there is added latency and I want to avoid that. And I think a GRE tunnel would give an even higher latency?
Please let me know your view.
Thanks

04-01-2013 09:21 AM
Hi Blau,
I am not able to see the png file; if you can repost it, it would be helpful.
Thanks a lot for your help and time.

04-01-2013 10:36 AM
Hello Obaid,
Here is the topology:
http://www.ulozisko.sk/obrazky/602301/Diagram1.png
I hope I did not make a mistake, because I had to redraw it; it was already deleted.
Best Regards
Please rate all helpful posts and close solved questions
04-26-2013 12:23 PM
Sorry, I have been busy and didn't look at this since.
I was a bit confused by the configuration and diagram of R1, as the diagram has R1 with loopback 1.1.1.1, which I suppose represents the internet IP, so in my case shouldn't 1.1.1.1 be the same as 12.0.0.1 since it is the internet IP?

05-04-2013 08:06 AM
Hello obaid,
No, you will need 2 public IPs to perform both source and destination NAT. The first IP will be used just to connect the router to the internet (12.0.0.1) and the second IP (1.1.1.1) will be used for NAT (you cannot use the WAN interface IP to do static NAT 1:1).
Best Regards
Please rate all helpful posts and close solved questions
