IP forwarding problem


Dear all,

I am writing on this community support to ask for your help to make a special configuration.

I have a network of 3 Cisco 2611XM routers connected on the same network with their interfaces f0/0.

On the f0/1 of the 3 routers I have some network elements which have the same IP addresses.

Here is a scheme:

10.1.1.1/24 ------ f0/0 RTR1 f0/1 ------- 1.0.1.5/8 ---------- Network element  with IP 1.0.1.0/8.

                         Lo0 10.255.255.1

10.1.1.2/24 ------ f0/0 RTR2 f0/1 ------- 1.0.1.5/8 ---------- Network element  with IP 1.0.1.0/8.

                         Lo0 10.255.255.2

10.1.1.3/24 ------ f0/0 RTR3 f0/1 ------- 1.0.1.5/8 ---------- Network element  with IP 1.0.1.0/8.

                         Lo0 10.255.255.3

What I want is the following:

When I do a telnet on the f0/0 of a router I want a telnet access to the network element with IP 1.0.1.0.

When I do a telnet on the Lo0 of a router I want a telnet access on the router itself.

All other types of traffic are authorized.

Thanks for your help.

Jean-Yves


AhmedSonba

Hello Jean,

Can you draw some sort of diagram of your network so we can have a better idea of what exactly you want to achieve?

Ahmed Sonba

Hello,

Here is a drawing of what I want.

From any host, when I do a telnet on the f0/0 interface of RTR1 or RTR2 or RTR3, I would like to access the address 1.0.1.0 via telnet.

From any host, when I do a telnet to the lo0 address, I would like to have access to the router itself.

Br,

Jean-Yves

Jean-Yves

I am puzzled why you would have 3 routers connected on their f0/0 interface and have exactly the same IP address configured on their f0/1 interface. The result of doing this would be that each router believes that 10.0.1.0/8 is local and would not go to either of the other routers to access that range of addresses. But you have asked a question with that condition and we will try to provide answers for your questions.

I am also not sure that you can get this to work quite as you describe. If you configure f0/0 with subnet 10.1.1.0/24 and then try to configure f0/1 with 10.0.1.0/8 then IOS will not accept this and will have an error about overlapping addresses. So I wonder if you would want to change your conditions a bit (perhaps to make the subnet on f0/1 a /24 rather than /8)?

In the condition where all 3 routers have the same IP address configured on f0/1 then when you telnet to that address (10.0.1.0 in the current description) then the router will telnet to itself. This works by default.

If you have routing table entries for the loopback interface of each router with the next hop of the f0/0 of that router then you should be able to telnet to the other router and then to access network resources on that router. These routing table entries could be the result either of static routes or of having some dynamic routing protocol running which advertises these loopback interface addresses.

I hope that this is helpful. If it does not answer your question then please provide clarification about what you are trying to achieve.

HTH

Rick


Hello Richard,

The three routers have the same address on F0/1, which is 1.0.1.5/8 (because the equipment connected behind each router is old equipment which is configured with the IP address 1.0.1.0 and cannot be modified). The network 1.0.0.0/8 is not known to the rest of the network (sorry for this missed point).

The only known access from all my network is the f0/0 IP address of the three routers.

Br,

Jean-Yves

mlund

Hi

You can try with nat.

example for R1

int f0/0

ip nat outside

int f0/1

ip nat inside

ip nat inside source static 1.0.1.0 10.1.1.11

With this, when you telnet to 10.1.1.11, the session will be translated to 1.0.1.0.

/Mikael

Thanks Mikael, the solution is working, but I would like to use the IP address of the F0/0 interface for the access, because I will have many other routers with the same configuration on my network and I can't extend it.

Br,

Jean-Yves

Hi Jean-Yves

Glad to hear it's working.

There is no problem to change this. Just delete the nat entry

ip nat inside source static 1.0.1.0 10.1.1.11

and replace it with

ip nat inside source static 1.0.1.0 10.1.1.1

and then for router 2 do

ip nat inside source static 1.0.1.0 10.1.1.2

and so on

/Mikael

Thanks Mikael, it works fine.

My problem is the following: I would like to NAT only telnet sessions and not all the traffic; the rest of the traffic is for the router itself. How can I do this?

Br,

Jean-Yves

Hi

What traffic is it?

Does it need to access the fa0/0?

If the traffic goes to the loopback instead, it will work.

/Mikael

There is EIGRP, NTP and SNMP traffic.

Br,

Jean-Yves

There is an option to use a route-map in the "ip nat ..." command. I just tried it, but I can't get it to work.

Try to play with it and see if you can get it to work.

This is how I tried:

ip nat inside source static 1.0.1.0 100.1.1.1 route-map telnet

access-list 111 permit tcp any eq telnet any

access-list 111 permit tcp any any eq telnet

route-map telnet permit 10

match ip address 111

!       

route-map telnet deny 20

But, as I said above, it didn't work for me.

Maybe an option for you: move the loopback IPs to the interface as a secondary IP (changing the netmasks of course). Or make them the primary address and move the 100.1.1.x into secondary. Then you have two IP addresses on the interface. The primary one will be used for routing protocol, SNMP, NTP and telnet to the router. The secondary address will be used in the "ip nat ---" command.

/Mikael

Hello Mikael,

Thanks a lot for your help.

By searching in the Cisco documentation I have found this command:

ip nat inside source static tcp 1.0.1.0 23 10.1.1.1 23

It does NAT only for Telnet sessions.

Br,

Jean-Yves
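
The difference between the two static entries discussed in this thread, as an added example that is not part of any post: a simplified Python model of the outside-to-inside destination lookup (an illustration, not IOS's implementation). The `Packet` and `StaticNat` types, the function names and the sample flows are constructed for this example; the addresses and the two `ip nat` lines come from the thread.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str                # "tcp", "udp", "eigrp", ...
    dst_ip: str
    dst_port: Optional[int]   # None for protocols without ports

class StaticNat(NamedTuple):
    inside_local: str
    inside_global: str
    proto: Optional[str] = None       # None = simple entry, matches on address only
    local_port: Optional[int] = None
    global_port: Optional[int] = None

def outside_to_inside(pkt: Packet, table: list[StaticNat]) -> Packet:
    """Return the packet after destination translation, unchanged if nothing matches."""
    for e in table:
        if pkt.dst_ip != e.inside_global:
            continue
        if e.proto is None:
            # Simple static entry: every protocol and port sent to the address is rewritten.
            return pkt._replace(dst_ip=e.inside_local)
        if pkt.proto == e.proto and pkt.dst_port == e.global_port:
            # Port-specific entry: only the named protocol/port pair is rewritten.
            return pkt._replace(dst_ip=e.inside_local, dst_port=e.local_port)
    return pkt

# ip nat inside source static 1.0.1.0 10.1.1.1
SIMPLE = [StaticNat("1.0.1.0", "10.1.1.1")]
# ip nat inside source static tcp 1.0.1.0 23 10.1.1.1 23
PORT_ONLY = [StaticNat("1.0.1.0", "10.1.1.1", "tcp", 23, 23)]

# Constructed sample traffic addressed to RTR1 f0/0 (10.1.1.1).
SAMPLES = {
    "telnet": Packet("tcp", "10.1.1.1", 23),
    "snmp": Packet("udp", "10.1.1.1", 161),
    "ntp": Packet("udp", "10.1.1.1", 123),
    "eigrp": Packet("eigrp", "10.1.1.1", None),
}

def delivered_to(table: list[StaticNat]) -> dict[str, str]:
    """Map each sample flow to 'element' (rewritten to 1.0.1.0) or 'router'."""
    return {name: "element" if outside_to_inside(p, table).dst_ip == "1.0.1.0" else "router"
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("simple static:", delivered_to(SIMPLE))
    print("tcp/23 static:", delivered_to(PORT_ONLY))
```

With the TCP/23 entry, telnet to f0/0 no longer reaches the router itself, so router management stays on the Lo0 address as the original question asked.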
