10-22-2012 12:39 AM - edited 03-07-2019 09:36 AM
Dear all,
I am writing to this support community to ask for your help with a special configuration.
I have a network of 3 Cisco 2611XM routers connected to the same network with their f0/0 interfaces.
On the f0/1 of the 3 routers I have some network elements which have the same IP addresses.
Here is a diagram:
10.1.1.1/24 ------ f0/0 RTR1 f0/1 ------- 1.0.1.5/8 ---------- Network element with IP 1.0.1.0/8.
Lo0 10.255.255.1
10.1.1.2/24 ------ f0/0 RTR2 f0/1 ------- 1.0.1.5/8 ---------- Network element with IP 1.0.1.0/8.
Lo0 10.255.255.2
10.1.1.3/24 ------ f0/0 RTR3 f0/1 ------- 1.0.1.5/8 ---------- Network element with IP 1.0.1.0/8.
Lo0 10.255.255.3
What I want is the following:
When I do a telnet on the f0/0 of a router I want a telnet access to the network element with IP 1.0.1.0
When I do a telnet on the Lo0 of a router I want a telnet access on the router itself.
All other type of traffic is authorized.
Thanks for your help.
Jean-Yves
10-22-2012 04:42 AM
Hello Jean,
Can you draw some sort of diagram of your network so we can have a better idea of what exactly you want to achieve?
Ahmed Sonba
10-22-2012 05:05 AM
Hello,
Here is a drawing of what I want.
From any host when I do a telnet on the f0/0 interface of RTR1 or RTR2 or RTR3 I would like to access via telnet to the address 1.0.1.0.
From any host, when I do a telnet to the lo0 address, I would like to have access to the router itself.
Br,
Jean-Yves
10-22-2012 05:18 AM
Jean-Yves
I am puzzled why you would have 3 routers connected on their f0/0 interface and have exactly the same IP address configured on their f0/1 interface. The result of doing this would be that each router believes that 10.0.1.0/8 is local and would not go to either of the other routers to access that range of addresses. But you have asked a question with that condition and we will try to provide answers for your questions.
I am also not sure that you can get this to work quite as you describe. If you configure f0/0 with subnet 10.1.1.0/24 and then try to configure f0/1 with 10.0.1.0/8 then IOS will not accept this and will have an error about overlapping addresses. So I wonder if you would want to change your conditions a bit (perhaps to make the subnet on f0/1 a /24 rather than /8)?
In the condition where all 3 routers have the same IP address configured on f0/1 then when you telnet to that address (10.0.1.0 in the current description) then the router will telnet to itself. This works by default.
If you have routing table entries for the loopback interface of each router with the next hop of the f0/0 of that router then you should be able to telnet to the other router and then to access network resources on that router. These routing table entries could be the result either of static routes or of having some dynamic routing protocol running which advertises these loopback interface addresses.
I hope that this is helpful. If it does not answer your question then please provide clarification about what you are trying to achieve.
HTH
Rick
10-22-2012 06:00 AM
Hello Richard,
The three routers have the same address on F0/1, which is 1.0.1.5/8 (because the equipment connected behind each router is old equipment which is configured with the IP address 1.0.1.0 and cannot be modified). The network 1.0.0.0/8 is not known to the rest of the network (sorry for missing this point).
The only known access from all my network is the f0/0 IP address of the three routers.
Br,
Jean-Yves
10-22-2012 08:54 AM
Hi
You can try with NAT.
Example for R1:
int f0/0
ip nat outside
int f0/1
ip nat inside
ip nat inside source static 1.0.1.0 10.1.1.11
With this, when you telnet to 10.1.1.11, the session will be translated to 1.0.1.0.
/Mikael
10-23-2012 12:55 AM
Thanks Mikael, the solution is working, but I would like to use the IP address of the F0/0 interface for the access because I will have many other routers with the same configuration on my network and I can't extend it.
Br,
Jean-Yves
10-23-2012 01:30 AM
Hi Jean-Yves
Glad to hear it's working.
There is no problem to change this. Just delete the nat entry
ip nat inside source static 1.0.1.0 10.1.1.11
and replace it with
ip nat inside source static 1.0.1.0 10.1.1.1
and then for router 2 do
ip nat inside source static 1.0.1.0 10.1.1.2
and so on
/Mikael
10-23-2012 06:17 AM
Thanks Mikael, it works fine.
My problem is the next one: I would like to NAT only telnet sessions and not all the traffic; the rest of the traffic is for the router itself. How can I do this?
Br,
Jean-Yves
10-23-2012 06:49 AM
Hi
What traffic is it?
Does it need to access the fa0/0?
If the traffic goes to the loopback instead, it will work.
/Mikael
10-23-2012 07:03 AM
There is EIGRP, NTP and SNMP traffic.
Br,
Jean-Yves
10-23-2012 07:34 AM
There is an option to use a route-map in the "ip nat ..." command. I just tried it, but I can't get it to work.
Try to play with it and see if you can get it to work.
This is how I tried:
ip nat inside source static 1.0.1.0 100.1.1.1 route-map telnet
access-list 111 permit tcp any eq telnet any
access-list 111 permit tcp any any eq telnet
route-map telnet permit 10
match ip address 111
!
route-map telnet deny 20
But, as I said above, it didn't work for me.
Maybe an option for you is to move the loopback IPs to the interface as a secondary IP (changing the netmasks of course). Or make them the primary address and move the 100.1.1.x into secondary. Then you have two IP addresses on the interface. The primary one will be used for routing protocols, SNMP, NTP and telnet to the router. The secondary address will be used in the "ip nat ---" command.
/Mikael
10-24-2012 12:35 AM
Hello Mikael,
Thanks a lot for your help.
By searching in the Cisco documentation I have found this command:
ip nat inside source static tcp 1.0.1.0 23 10.1.1.1 23
It does nat only for Telnet sessions.
Br,
Jean-Yves
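The end state the thread arrives at for RTR1, consolidated as an added example (not posted by any participant): the port-specific static entry forwards only TCP/23 arriving on the f0/0 address to the legacy element, so other traffic addressed to 10.1.1.1 stays with the router and telnet to the router itself goes to Lo0. The /32 loopback mask, the ACL name LEGACY-TELNET-IN and the 192.0.2.0/24 management subnet are assumptions constructed for illustration; the optional ACL limits who can reach the forwarded cleartext telnet port.

```cisco
! RTR1 only; RTR2 and RTR3 use 10.1.1.2 and 10.1.1.3 as the global address.
interface Loopback0
 ! mask assumed, not stated in the thread
 ip address 10.255.255.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 1.0.1.5 255.0.0.0
 ip nat inside
!
! Remove the one-to-one entry first if it is still configured,
! otherwise every packet sent to 10.1.1.1 keeps being translated:
no ip nat inside source static 1.0.1.0 10.1.1.1
!
! Forward only TCP/23 on the f0/0 address to the legacy element.
ip nat inside source static tcp 1.0.1.0 23 10.1.1.1 23
!
! Optional (assumption): restrict the forwarded telnet port to a
! management subnet. The inbound ACL on the outside interface is
! evaluated before NAT, so it matches the global address 10.1.1.1.
ip access-list extended LEGACY-TELNET-IN
 permit tcp 192.0.2.0 0.0.0.255 host 10.1.1.1 eq telnet
 deny tcp any host 10.1.1.1 eq telnet log
 permit ip any any
!
interface FastEthernet0/0
 ip access-group LEGACY-TELNET-IN in
!
! Verification from exec mode:
!   show ip nat translations
!   show ip access-lists LEGACY-TELNET-IN
```

The static port entry should appear in `show ip nat translations` as a tcp line pairing 10.1.1.1:23 with 1.0.1.0:23 even before any session is opened.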