Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
0
Helpful
0
Replies

Reverse Telnet via NAT

James Seddon
Level 1
Level 1

‎01-13-2011 12:55 PM

So I have just built my new CCNP lab, and plan to rent it out to fellow students at my university. The idea is that they connect remotley via telnet to specific port numbers that are associated with a device. Now for the virtual equipment this is extremely easy as I can simply forward all the ports to the virtualisation server and that will negotiate connections on the fly.

But, my problem is access for physical devices. My netgear router does not provide static NAT translations so I am having to resort to providing a NAT service behind this router (Oh the fun of CCNP). The basic rule is as follows (example connection): User connects to {External IP} on port 2001 - Port is passed to layer three switch - Switch has static routes that direct each port to an associated device on port 23

To make that easier to understand I have created a topology of the physical devices:

NAT - Telnet.png

I am pretty certain that this is going to work (well it will) so what I am looking for is any suggestions/improvements/alterations to this plan. Before mentioned, I have considered an access server such as the 2509 and I probably will buy one but after spending £600 on new switches I cnnot afford it just yet.

Thanks for any advice you have to share

{Update}

Okay so here we go, it turns out that on my switches (Catalyst 3550 EMI) NAT is unavailable. However I did find a more practical solution using a command I had never heard of: Rotary. The 'Rotary <1-99>' command allows a Cisco device to respond to incoming telnet/ssh sessions on a port other than 23. It starts at port 3001 and continues to port 3099 (Or at least that is the limmit on a 3550). The number specified in the rotary command specifies the port to be used: So using 'Rotary 1' would give a port of 3001, and 'Rotary 78' would give a port of 3078.

The command is applied to a "Line VTY <0-15>' interface, and I have opted to only apply it to VTY5. This means that interally I have 15 lines on which to still connect via the standard port of 23.

Hopefully this will prove usefull to some one out there and if you need any help just make a reply.

Labels:
Preview file
58 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents