From: Ron (id353@singnet.com.sg)
Date: Mon Oct 21 2002 - 12:18:45 GMT-3
Loiz,
From my previous simulation, this is what I arrived at:
1) From the config that was used,

R2

interface Ethernet0
 ip address 10.10.10.2 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0.100 multipoint
 ip address 150.50.100.2 255.255.255.0
 ip nat outside
 ip ospf network broadcast
 ip ospf priority 254
 frame-relay map ip 150.50.100.3 103 broadcast
 frame-relay map ip 150.50.100.5 105 broadcast
 frame-relay map ip 150.50.100.6 106 broadcast
!
router ospf 1
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
 network 150.50.100.0 0.0.0.255 area 0
!
ip nat pool mypool 10.10.10.2 10.10.10.2 netmask 255.255.255.0
ip nat inside source list 1 pool mypool overload
!
access-list 1 permit 10.10.10.0 0.0.0.255

R3

access-list 1 permit 10.10.10.2 log
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 access-class 1 in
 password cisco
 login

2) I was able to telnet to the second router which had an access-list blocking all ip addresses except the ethernet0 secondary address on R2
R2#150.50.100.3
Trying 150.50.100.3 ... Open
User Access Verification
Password:
Password:
3) A debug ip pack shows:
R3#
1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 44, rcvd 3
1d21h: IP: s=150.50.100.3 (local), d=10.10.10.2 (Serial0), len 44, sending
1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 40, rcvd 3
1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 49, rcvd 3
1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 40, rcvd 3
1d21h: IP: s=150.50.100.3 (local), d=10.10.10.2 (Serial0), len 52, sending
Which carries a source of R2's secondary ip address.
4) A debug ip nat de shows:
R2#150.50.100.3
Trying 150.50.100.3 ... Open
User Access Verification
Password:
1d21h: NAT: Allocated Port for 10.10.10.1 -> 10.10.10.2: wanted 11038 got 11038
1d21h: NAT: i: tcp (10.10.10.1, 11038) -> (150.50.100.3, 23) [0]
1d21h: NAT: s=10.10.10.1->10.10.10.2, d=150.50.100.3 [0]
1d21h: NAT: o: tcp (150.50.100.3, 23) -> (10.10.10.2, 11038) [0]
1d21h: NAT: s=150.50.100.3, d=10.10.10.2->10.10.10.1 [0]
Is that what was required? Hope I'm getting the right understanding from John. One question - the above will effectively translate all source addresses passing through the serial link into 10.10.10.2, which seems a bit funny. Any other way to achieve the telnet without meddling with the other non-telnet traffic?
Cheers...
Ron
From LoizosCisco <david_steven2001@yahoo.com> on 21 Oct 2002:
>
>
> Rontan,
>
> It seems that John's question is asking something
> else. He wants to know how he can telnet from that
> router so that on the router he telnets to will show
> that the source is the secondary IP.
>
> When you use the command "ip telnet source-interface
> e0" it will use the primary as the source IP. I tried
> last night to make the secondary as the source but to
> no avail. I am curious if there is a way to do that.
>
> Loizos
>
>
> --- Ron <id353@singnet.com.sg> wrote:
> > Loiz is right. I'd managed to get it up and running
> > based on Bill's problem. The actual configurations
> > as follows:
> >
> > ip nat pool mypool 10.0.0.231 10.0.0.231
> > 255.255.255.0
> > ip nat inside source list 1 pool mypool overload
> >
> > access-list 1 permit 10.0.0.0 0.0.0.255
> >
> > cheers..
> >
> > Ron
> >
> > From LoizosCisco <david_steven2001@yahoo.com> on 20
> > Oct 2002:
> >
> > >
> > > Bill,
> > >
> > > Try this:
> > >
> > > ip nat inside source list 1 pool mypool overload
> > > !
> > > access-list 1 permit 10.0.0.231 0.0.0.255
> > >
> > > Please let me know if it works.
> > >
> > > Loizos
> > >
> > >
> > > --- Bill jegcitroen <jegcitroen@hotmail.com>
> > wrote:
> > > > Hi Ron,
> > > >
> > > > Thanx a lot. But I don't think it will work.
> > > >
> > > > when the "ip telnet sour" or "telnet host /sour"
> > > > commands r used, the router
> > > > will
> > > > use the address of the closest interface to the
> > > > destination as the source
> > > > address.
> > > >
> > > > but my scenario is shown as follow:
> > > > #sh ru int e0
> > > > !
> > > > interface Ethernet0/0
> > > > ip address 10.0.0.231 255.255.255.0 secondary
> > > > ip address 10.0.0.254 255.255.255.0
> > > > no ip redirects
> > > > no ip directed-broadcast
> > > > no ip proxy-arp
> > > > ip nat inside
> > > >
> > > > I wanna use 10.0.0.231 as the source ip address,
> > how
> > > > could I do?
> > > >
> > > > 8-(
> > > >
> > > >
> > > >
> > > > >From: Ron <id353@singnet.com.sg>
> > > > >To: "Bill jegcitroen" <jegcitroen@hotmail.com>,
> > > > ccielab@groupstudy.com
> > > > >Subject: Re: telnet source address
> > > > >Date: Sun, 20 Oct 2002 20:01:11 -0700
> > > > >
> > > > >ip telnet source-interface
> > > > >
> > > > >Allows a user to select an address of an
> > interface
> > > > as the source address
> > > > >for Telnet connections.
> > > > >
> > > > >Ron
> > > > >
> > > > >From Bill jegcitroen <jegcitroen@hotmail.com>
> > on 20
> > > > Oct 2002:
> > > > >
=== message truncated ===
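
Added example, not part of the original thread: a Python model of Cisco standard-ACL wildcard matching, run over the ACL lines and "debug ip nat" output quoted in the message above, showing why R3's vty access-class rejects the primary address and accepts the translated one. The function and variable names are assumptions made for this example, and the parser handles only the dotted-quad ACL form used in the thread.

```python
import ipaddress
import re

QUAD = r"(\d+\.\d+\.\d+\.\d+)"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config_lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' (dotted-quad form only)."""
    pattern = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+" + QUAD + r"(?:\s+" + QUAD + r")?")
    entries = []
    for line in config_lines:
        m = pattern.match(line.strip())
        if m:
            action, addr, wildcard = m.groups()
            entries.append((action, _ip(addr), _ip(wildcard or "0.0.0.0")))
    return entries

def acl_permits(entries, src):
    """First match wins; wildcard bits set to 1 are ignored; no match is an implicit deny."""
    s = _ip(src)
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF
        if (s & care) == (addr & care):
            return action == "permit"
    return False

NAT_SRC = re.compile(r"NAT: s=" + QUAD + r"->" + QUAD + r", d=" + QUAD)

def source_translations(debug_lines):
    """Return (original_src, translated_src, dst) for each source rewrite in the debug."""
    return [m.groups() for m in map(NAT_SRC.search, debug_lines) if m]

# Lines copied from the message above.
R3_VTY_ACL = parse_standard_acl(["access-list 1 permit 10.10.10.2 log"])
R2_NAT_ACL = parse_standard_acl(["access-list 1 permit 10.10.10.0 0.0.0.255"])
R2_NAT_DEBUG = [
    "1d21h: NAT: s=10.10.10.1->10.10.10.2, d=150.50.100.3 [0]",
    "1d21h: NAT: s=150.50.100.3, d=10.10.10.2->10.10.10.1 [0]",
]

def vty_verdicts():
    """For each translated flow: did R2's NAT list match it, and what does R3's vty ACL decide?"""
    return [{"orig": o, "xlat": x, "dst": d,
             "nat_list_match": acl_permits(R2_NAT_ACL, o),
             "vty_without_nat": acl_permits(R3_VTY_ACL, o),
             "vty_with_nat": acl_permits(R3_VTY_ACL, x)}
            for o, x, d in source_translations(R2_NAT_DEBUG)]

if __name__ == "__main__":
    for verdict in vty_verdicts():
        print(verdict)
```

The same matcher shows that the entry "access-list 1 permit 10.0.0.231 0.0.0.255" quoted further down matches every address in 10.0.0.0/24, because the wildcard ignores the last octet.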
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:52 GMT-3