From: Bill jegcitroen (jegcitroen@hotmail.com)
Date: Mon Oct 21 2002 - 23:24:57 GMT-3
Wow! It DOES work!
The solution is beyond my original imagination!
Thanx everybody involved!
-jegcitroen
>From: LoizosCisco <david_steven2001@yahoo.com>
>To: Ron <id353@singnet.com.sg>, jegcitroen@hotmail.com,
>ccielab@groupstudy.com
>Subject: Re: telnet source address
>Date: Mon, 21 Oct 2002 11:41:18 -0700 (PDT)
>
>Ron,
>
>If John wants to use the secondary IP as the source
>using NAT then that is easy to achieve, but he said to
>me that NAT has nothing to do with doing that.
>I hope he will come up with the solution he is looking
>for and share it with us.
>
>Thanks for getting involved :-)
>
>
>
>
>--- Ron <id353@singnet.com.sg> wrote:
> > Loiz,
> >
> > From my previous simulation, this was what I had
> > derived at:
> >
> > 1) From the config that was used,
> >
> > R2
> >
> > interface Ethernet0
> > ip address 10.10.10.2 255.255.255.0 secondary
> > ip address 10.10.10.1 255.255.255.0
> > !
> > interface Serial0
> > no ip address
> > encapsulation frame-relay
> > no frame-relay inverse-arp
> > !
> > interface Serial0.100 multipoint
> > ip address 150.50.100.2 255.255.255.0
> > ip nat outside
> > ip ospf network broadcast
> > ip ospf priority 254
> > frame-relay map ip 150.50.100.3 103 broadcast
> > frame-relay map ip 150.50.100.5 105 broadcast
> > frame-relay map ip 150.50.100.6 106 broadcast
> > !
> > router ospf 1
> > log-adjacency-changes
> > network 10.10.10.0 0.0.0.255 area 0
> > network 150.50.100.0 0.0.0.255 area 0
> > !
> > ip nat pool mypool 10.10.10.2 10.10.10.2 netmask 255.255.255.0
> > ip nat inside source list 1 pool mypool overload
> > !
> > access-list 1 permit 10.10.10.0 0.0.0.255
> >
> >
> > R3
> >
> > access-list 1 permit 10.10.10.2 log
> > !
> > !
> > line con 0
> > transport input none
> > line aux 0
> > line vty 0 4
> > access-class 1 in
> > password cisco
> > login
> >
> >
> > 2) I was able to telnet to the second router which
> > had an access-list blocking all ip addresses except
> > the ethernet0 secondary address on R2
> >
> > R2#150.50.100.3
> > Trying 150.50.100.3 ... Open
> >
> >
> > User Access Verification
> >
> > Password:
> > Password:
> >
> >
> > 3) A debug ip pack shows:
> >
> > R3#
> > 1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 44, rcvd 3
> > 1d21h: IP: s=150.50.100.3 (local), d=10.10.10.2 (Serial0), len 44, sending
> > 1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 40, rcvd 3
> > 1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 49, rcvd 3
> > 1d21h: IP: s=10.10.10.2 (Serial0), d=150.50.100.3 (Serial0), len 40, rcvd 3
> > 1d21h: IP: s=150.50.100.3 (local), d=10.10.10.2 (Serial0), len 52, sending
> >
> >
> > Which carries a source of R2's secondary ip address.
> >
> > 4) A debug ip nat de shows:
> >
> > R2#150.50.100.3
> > Trying 150.50.100.3 ... Open
> >
> >
> > User Access Verification
> >
> > Password:
> > 1d21h: NAT: Allocated Port for 10.10.10.1 -> 10.10.10.2: wanted 11038 got 11038
> > 1d21h: NAT: i: tcp (10.10.10.1, 11038) -> (150.50.100.3, 23) [0]
> > 1d21h: NAT: s=10.10.10.1->10.10.10.2, d=150.50.100.3 [0]
> > 1d21h: NAT: o: tcp (150.50.100.3, 23) -> (10.10.10.2, 11038) [0]
> > 1d21h: NAT: s=150.50.100.3, d=10.10.10.2->10.10.10.1 [0]
> >
> >
> > Is that what was required? Hope I'm getting the
> > right understanding from John. One question - the
> > above will effectively translate all source
> > addresses passing thru the serial link into
> > 10.10.10.2 which seems a bit funny. Any other way to
> > achieve the telnet without meddling with the other
> > non-telnet traffic?
> >
> > Cheers...
> >
> > Ron
> >
> > From LoizosCisco <david_steven2001@yahoo.com> on 21 Oct 2002:
> >
> > >
> > >
> > > Rontan,
> > >
> > > It seems that John's question is asking something
> > > else. He wants to know how he can telnet from that
> > > router so that on the router he telnets to will show
> > > that the source is the secondary IP.
> > >
> > > When you use the command "ip telnet source-interface
> > > e0" it will use the primary as the source IP. I tried
> > > last night to make the secondary as the source but to
> > > no avail. I am curious if there is a way to do that.
> > >
> > > Loizos
> > >
> > >
> > > --- Ron <id353@singnet.com.sg> wrote:
> > > > Loiz is right. I'd managed to get it up and running
> > > > based on Bill's problem. The actual configurations
> > > > as follows:
> > > >
> > > > ip nat pool mypool 10.0.0.231 10.0.0.231 netmask 255.255.255.0
> > > > ip nat inside source list 1 pool mypool overload
> > > >
> > > > access-list 1 permit 10.0.0.0 0.0.0.255
> > > >
> > > > cheers..
> > > >
> > > > Ron
> > > >
> > > > From LoizosCisco <david_steven2001@yahoo.com> on 20 Oct 2002:
> > > >
> > > > >
> > > > > Bill,
> > > > >
> > > > > Try this:
> > > > >
> > > > > ip nat inside source list 1 pool mypool overload
> > > > > !
> > > > > access-list 1 permit 10.0.0.231 0.0.0.255
> > > > >
> > > > > Please let me know if it works.
> > > > >
> > > > > Loizos
> > > > >
> > > > >
> > > > > --- Bill jegcitroen <jegcitroen@hotmail.com> wrote:
> > > > > > Hi Ron,
> > > > > >
> > > > > > Thanx a lot. But I don't think it will work.
> > > > > >
> > > > > > when the "ip telnet sour" or "telnet host /sour"
> > > > > > commands r used, the router will
> > > > > > use the address of the closest interface to the
> > > > > > destination as the source address.
> > > > > >
> > > > > > but my scenario is shown as follow:
> > > > > > #sh ru int e0
> > > > > > !
> > > > > > interface Ethernet0/0
> > > > > > ip address 10.0.0.231 255.255.255.0 secondary
> >
>=== message truncated ===
>
>
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:53 GMT-3
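
Added example (not part of the thread or of any poster's configuration): a small Python model of Cisco wildcard-mask matching that compares which flows R2's posted NAT list (access-list 1) selects for translation with a narrower telnet-only extended entry, which is one way to address Ron's question about non-telnet traffic. The extended entry, the sample flows and all function names are assumptions made for illustration; the model covers ACL selection only, not interface inside/outside marking.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# R2's NAT list as posted: access-list 1 permit 10.10.10.0 0.0.0.255
STANDARD_ACL = [("10.10.10.0", "0.0.0.255")]
# Hypothetical narrowed list (assumption, not from the thread):
# TCP from host 10.10.10.1 to host 150.50.100.3, destination port 23 only.
EXTENDED_ACL = [("tcp", "10.10.10.1", "0.0.0.0", "150.50.100.3", "0.0.0.0", 23)]
POOL_ADDR = "10.10.10.2"                  # the single address in mypool
R3_VTY_ACL = [("10.10.10.2", "0.0.0.0")]  # R3: access-list 1 permit 10.10.10.2

def nat_selected(flow, acl):
    """True if the list selects this (proto, src, dst, dport) flow for NAT."""
    proto, src, dst, dport = flow
    for entry in acl:
        if len(entry) == 2:               # standard entry: source only
            if wildcard_match(src, *entry):
                return True
        else:                             # extended entry
            p, s, sw, d, dw, port = entry
            if (p == proto and port == dport and wildcard_match(src, s, sw)
                    and wildcard_match(dst, d, dw)):
                return True
    return False                          # implicit deny: left untranslated

def source_after_nat(flow, acl):
    """Source address the far end sees, assuming selected flows are translated."""
    return POOL_ADDR if nat_selected(flow, acl) else flow[1]

def vty_permits(src):
    """Source check applied by R3's 'access-class 1 in' on the vty lines."""
    return any(wildcard_match(src, b, w) for b, w in R3_VTY_ACL)

# Constructed sample flows; only the first one appears in the thread.
FLOWS = [
    ("tcp", "10.10.10.1", "150.50.100.3", 23),
    ("tcp", "10.10.10.77", "150.50.100.3", 23),
    ("udp", "10.10.10.77", "150.50.100.5", 53),
]

def report(acl):
    """Per flow: (original source, source after NAT)."""
    return [(f[1], source_after_nat(f, acl)) for f in FLOWS]
```

With the posted standard list every sample flow leaves as 10.10.10.2; with the narrowed entry only the telnet session from 10.10.10.1 to 150.50.100.3 does.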