cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

1167
Views
0
Helpful
12
Replies
Highlighted

IP forwarding problem

En cours de modération

Dear all,

I write on this community support to ask you your help to made a special configuration.

I have a network of 3 cisco 2611XM routeurs connected on the same network with their interfaces f0/0.

On the f0/1 of the 3 routers I have some networks element which have the same IP addresses.

Here is a scheme :

10.1.1.1/24 ------ f0/0 RTR1 f0/1 ------- 1.0.1.5/8 ---------- Network element  with IP 1.0.1.0/8.

                         Lo0 10.255.255.1

10.1.1.2/24 ------ f0/0 RTR2 f0/1 ------- 1.0.1.5/8 ---------- Network element  with IP 1.0.1.0/8.

                         Lo0 10.255.255.2

10.1.1.3/24 ------ f0/0 RTR3 f0/1 ------- 1.0.1.5/8 ---------- Network element  with IP 1.0.1.0/8.

                         Lo0 10.255.255.3

What I want is the next thing :

###When I do a telnet on the f0/0 of a router I want a telnet ##############access to the network element with IP 1.0.1.0

When I do a telnet on the Lo0 of a router I want a telnet access on the router itself.

All other type of traffic is authorized.

Thanks for your help.

Jean-Yves

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

IP forwarding problem

Hi Jean-Yves

Glad to hear it's working.

There is no problem to change this. Just delete the nat entry

ip nat inside source static 1.0.1.0 10.1.1.11

and replace it with

ip nat inside source static 1.0.1.0 10.1.1.1

and then for router 2 do

ip nat inside source static 1.0.1.0 10.1.1.2

and so on

/Mikael

View solution in original post

12 REPLIES 12
Beginner

IP forwarding problem

Hello Jean,

can you draw some sort of diagram of your network so we can have a better Idea of what exactly

you want to achieve,

Ahmed Sonba

IP forwarding problem

Hello,

Here is a draw of what I want.

From any host when I do a telnet on the f0/0 interface of RTR1 or RTR2 or RTR3 I would like to access via telnet to the address 1.0.1.0.

From any host, when I do a telnet to the lo0 address, I would like to have access to the router itself.

Br,

Jean-Yves

Hall of Fame Master

IP forwarding problem

Jean-Yves

I am puzzled why you would have 3 routers connected on their f0/0 interface and have exactly the same IP address configured on their f0/1 interface. The result of doing this would be that each router believes that 10.0.1.0/8 is local and would not go to either of the other routers to access that range of addresses. But you have asked a question with that condition and we will try to provide answers for your questions.

I am also not sure that you can get this to work quite as you describe. If you configure f0/0 with subnet 10.1.1.0/24 and then try to configure f0/1 with 10.0.1.0/8 then IOS will not accept this and will have an error about overlapping addresses. So I wonder if you would want to change your conditions a bit (perhaps to make the subnet on f0/1 a /24 rather than /8)?

In the condition where all 3 routers have the same IP address configured on f0/1 then when you telnet to that address (10.0.1.0 in the current description) then the router will telnet to itself. This works by default.

If you have routing table entries for the loopback interface of each router with the next hop of the f0/0 of that router  then you should be able to telnet to the other router and then to access network resources on that router. These routing table entries could be the result either of static routes or of having some dynamic routing protocol running which advertises these loopback interface addresses.

I hope that this is helpful. If it does not answer your question then please provide clarification about what you are trying to achieve.

HTH

Rick

If you found this post helpful, please let the community know by clicking the helpful button!
By doing so, and until end of January, you are helping Doctors Without Borders

IP forwarding problem

Hello Richard,

The three routers have same addres on F0/1 and is 1.0.1.5/8 (because equipment connected behind each router is an old equipment which is configured with the IP address 1.0.1.0 and cannot be modified). The network 1.0.0.0/8 is not known from the rest of the network (Sorry for this missed point).

The only known access from all my network is the f0/0 IP address of the three routers.

Br,

Jean-Yves

Rising star

IP forwarding problem

Hi

You can try with nat.

example for R1

int f0/0

ip nat outside

int f0/1

ip nat inside

ip nat inside source static 1.0.1.0 10.1.1.11

with this, when You telnet to 10.1.1.11, the session will be translated to 1.0.1.0

/Mikael

IP forwarding problem

Tanks Mickael, the solution is working but I would like to use the IP address of the F0/0 interface to make the access because I will have many others routers with same configuration on my network and I can't extend it.

Br,

Jean-Yves

Rising star

IP forwarding problem

Hi Jean-Yves

Glad to hear it's working.

There is no problem to change this. Just delete the nat entry

ip nat inside source static 1.0.1.0 10.1.1.11

and replace it with

ip nat inside source static 1.0.1.0 10.1.1.1

and then for router 2 do

ip nat inside source static 1.0.1.0 10.1.1.2

and so on

/Mikael

View solution in original post

IP forwarding problem

Tanks Mickael, it works fine.

My problem is the next one, I would like to NAT only telnet sessions and not all the traffic, the rest of the traffic is for routrt itself. How can I do this ?

Br,

Jean-Yves

Rising star

IP forwarding problem

Hi

What traffic is it ?

Does it need to access the fa0/0 ?

If the traffic goes to the loopback instead, it will work.

/Mikael

IP forwarding problem

There is EIGRP, NTP and SNMP traffic.

Br,

Jean-Yves

Rising star

IP forwarding problem

There is an option to use a route-map in the "ip nat ..." command. I just tried it, but I can't get it to work.

Try to play with it and see if You can get it to work.

this is how I tried

ip nat inside source static 1.0.1.0 100.1.1.1 route-map telnet

access-list 111 permit tcp any eq telnet any

access-list 111 permit tcp any any eq telnet

route-map telnet permit 10

match ip address 111

!       

route-map telnet deny 20

but, as I said above, it didn't work for me.

Maybe an option for You, if  You move the loopback ip:s to the interface as an secondary ip (changing the netmasks of course). Or make them primary address and move the 100.1.1.x into secondary. Then You have two ip addresses on the interface. The primary one will be used for routing-protocol snmp ntp and telnet to the router. The secondary address will be used in the "ip nat ---" command.

/Mikael

IP forwarding problem

Hello Mickael,

Tanks a lot for your help.

By searching in CISCO documentation I have found this command :

ip nat inside source statis tcp 1.0.1.0 23 10.1.1.1 23

It does nat only for Telnet sessions.

Br,

Jean-Yves

CreatePlease to create content
Content for Community-Ad