
Telnet to private IP through Soho router

My Setup

Hi folks! I've been lurking on here a while, working hard to understand the basic networking concepts and eventually pursue the CISCO certs. I bought a lab and have since managed to set up a four router config (2610XM-DTE, 2621-DTE, 2501-DCE, and a Linksys E1000 with routing, DHCP, and NAT turned off to make it a wireless access point) with three switches (2@2950 and a 2924XL).

So far, I have managed to bring in my public IP using DHCP, and set up PAT. The network is fully functional, I can ping every interface, and reach the web on host PCs from any switchport. I am also able to telnet into the FastEthernet interface IPd with my public address.

My Issue

My concern right now is in feature support. I recently read on here that CISCO does not support UPnP, and due to my limited resources, I am using the only public IP I have to allow remote testing/learning on my lab. The issue is that I also have a PS3 and XBox 360 on this network that is requiring UPnP for certain online games and features.

The only solution I can see to this problem is to return my public IP back to the E1000 router, which is running RIP Version 2 (white papers said version 1, but a debug ip rip showed that updates were being ignored due to illegal version), and then poing my other three routers to it for outside access.

The questions I have in this scenario:

1. Will NAT still function if I use the E1000 and set the interfaces connecting to it as ip nat inside? I'm assuming that PAT is already hardcoded onto the router to allow for multiple connections to public IP space.

2. If my IP is 68.X.X.X, I set the E1000 to an IP of 192.168.1.1 and the FastEthernet it connects to is on my 2621 with an IP of 192.168.1.2, would it be possible to telnet into 192.168.1.2? The only idea I have, and I am very limited in my understanding at this point, is if I were to forward port 23 out of the E1000 to the 192.168.1.2 address. Will my login and password for line vty 0 4 understand the request if the original telnet was to my public IP?

3. If all of that is just nonsense, is there another work-around that allows me to achieve UPnP through my E1000, while retaining telnet ability to my lab so I can try things in different scenarios or while I'm away from home?

Much Thanks to anyone who replies!

Accepted Solution

Hi John,

Could you provide a diagram of the actual setup and one of what you intend to do, along with IP addresses?

For question 2, there is no problem; that's what port forwarding is for.

For question 1, the E1000 is doing PAT for its internal subnet.

So you can telnet into the router attached to the E1000, but I don't think the E1000 supports VLANs, so you won't be able to connect the other 2 routers to the other 2 ports if you want them to be in another subnet.

Just post your topologies and we'll take a look at them.

Regards.

Alain.

Don't forget to rate helpful posts.


Darn, no edit function for posts?  Well, anyway, what I meant to type has been corrected below.

John White wrote:

The only solution I can see to this problem is to return my public IP back to the E1000 router, which is running RIP Version 2 (white papers said version 1, but a debug ip rip showed that updates were being ignored due to illegal version), and then IPing and connecting my other three routers to it for outside access.


Sure, I've attached a diagram, and in case it's not very clear, I'm also detailing the current config and the proposed config. To address your concern, I am using an easy /24 setup for each segment. The E1000 will be 192.168.1.1, and then only 1 Cisco router will connect to the E1000, as 192.168.1.2. After that, each segment will receive a 2.0, 3.0, 4.0, and 5.0 subnet, and a default gateway of 0.0.0.0 0.0.0.0 so they will forward to the E1000.

If UPnP will work on all the Cisco routers when the E1000 acts as the nat outside, great. If not, this allows me to use the wireless access and 3 free LAN ports for my game systems to utilize the UPnP supported by the E1000. I just need to make sure that I will still be able to access one private interface via telnet.

Current Config:

2621

FA0/0 - Modem, 98.x.x.x

FA0/1 - E1000, 192.168.6.1 /24

S0/0 - 2501, 192.168.2.1 /24

2501

S0 - 2621, 192.168.2.2 /24

S1 - 2610XM, 192.168.3.1 /24

E0 - 2950, 192.168.4.1 /24

2610XM

S1/0 - 2501, 192.168.3.2 /24

FA0/0 - 2950, 192.168.5.1

In this config, the E1000, 2924 and both 2950s are set up as switches only.

Proposed Config:

E1000

WAN - Modem, 98.x.x.x

FA1 - 2621, 192.168.1.1

2621

FA0/0 - E1000, 192.168.1.2

FA0/1 - 2950, 192.168.2.1

S0/0 - 2501, 192.168.3.2

2501

S0 - 2621, 192.168.3.1

S1 - 2610XM, 192.168.4.1

2610XM

S1/0 - 2501, 192.168.4.2

FA0/0 - 2950, 192.168.5.1

In this setup, only the Cisco switches act as switches, the 2621 has an interface on the same subnet as the E1000, and the remaining routers will reach the E1000 through the 2621.

My hope is that with this new configuration, forwarding port 23 to 192.168.1.2 will allow for telnet into the 2621 interface, and then I can hop between routers by using ip host within the 2621.

Thanks again for any input!

Well, the nice thing about a lab is that you can throw yourself in the fire. It looks as though I need to learn more about VLAN theory. I assumed that an inherent function of any router would be to cross VLANs, even on a SoHo production level.

I've moved to my new configuration, telnet works to the 2621 via port forwarding, but as cadet alain pointed out, since all of my other routers are on different subnets, when they reach the E1000 packets are discarded. That's frustrating, although I have a hunch that UPnP at the E1000 wouldn't have made it functional to hosts behind the other routers without UPnP support. It is a little discouraging that any hosts I hook up on my lab will not be able to reach the outside world, but my original config taught me most of what I need to know at a beginner level for NAT and PAT.

I suppose I'm still curious if UPnP has to be supported by each router, or if only the router with the outside PAT interface needs to support UPnP for all internal traffic to utilize it. I'm guessing it has to be supported on each router with a host.

Also, I ended up assigning ip name-servers to every router when I wasn't going through the E1000, otherwise each router would check 255.255.255.255. I'm curious if ip name-server can be dynamically pulled on each router via the router with the DHCP interface, or if this always has to be manually configured.

Hi,

In this setup, only the Cisco switches act as switches, the 2621 has an interface on the same subnet as the E1000, and the remaining routers will reach the E1000 through the 2621.

My hope is that with this new configuration, forwarding port 23 to 192.168.1.2 will allow for telnet into the 2621 interface, and then I can hop between routers by using ip host within the 2621.

Yes, you'll be able to achieve what you want. Run RIP between all routers including the E1000, remove NAT on all Cisco routers and port forward TCP 23 on your E1000. But I suggest you use SSH instead because telnet is an insecure protocol; configure a strong password with a username, and authentication on line vty should use this user/pass.

Configure a strong enable secret password and disable telnet access on the router.

On the E1000 you'll surely have to permit ssh traffic from outside for this to work.

If you need help for Cisco config just ask.

Regards.

Alain.

Don't forget to rate helpful posts.
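
A sketch of the IOS configuration the reply above recommends (SSH instead of telnet, a local username on the vty lines, an enable secret), added here as an example and not taken from any poster's config. It assumes a crypto-capable (k9) IOS image with SSHv2 support on the 2621; the hostname, domain name, username, secrets and the 203.0.113.10 management address are placeholders.

```cisco
! Added example for the 2621 at 192.168.1.2 behind the E1000.
! Hostname, domain, username, secrets and 203.0.113.10 are placeholders.
hostname R2621
ip domain-name lab.example
!
! Hashed enable secret instead of a cleartext enable password
enable secret <ENABLE-SECRET-PLACEHOLDER>
!
! Local account used for vty logins; "secret" stores a hash, not the password
username labadmin secret <USER-SECRET-PLACEHOLDER>
!
! RSA host key; IOS needs the hostname and domain name set before generating it
crypto key generate rsa general-keys modulus 2048
!
! SSHv2 only, with short login timeout and limited retries
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Limit who may open a management session:
! one known remote address plus the lab's own 192.168.x.x segments
access-list 10 permit 203.0.113.10
access-list 10 permit 192.168.0.0 0.0.255.255
!
line vty 0 4
 ! Authenticate against the local username database
 login local
 ! Accept SSH only; this is what turns telnet off on the vty lines
 transport input ssh
 ! Apply the source-address filter to inbound sessions
 access-class 10 in
 ! Drop idle sessions after 10 minutes
 exec-timeout 10 0
!
end
```

With this in place the E1000 forwards TCP 22 rather than TCP 23 to 192.168.1.2, and `show ip ssh` on the 2621 confirms that SSH version 2 is enabled.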