RE: Wacky NAT scenario - AUX port + reverse telnet + VPN

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Wed Jul 23 2008 - 01:21:57 ART


Good evening Johnnie,

In the wonderful IE WB VOL 2 (shameful plug, sure; congrats Scott M. again
on the new gig) there are several examples of how to "juggle traffic" across
loopback interfaces with ip nat inside, forcing it there with local policy
routing.

The first loopback interface the traffic is local policy routed to has ip
nat inside, and that loopback has a - you guessed it - policy route to
another interface with "ip nat outside".

So it's like NAT by rule regardless of the routing table.

So in your situation I would nat with this method instead of worrying about
ip aliases. I have used this type of config several times in production
myself for ip sla monitoring from specific addresses, etc.

-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Johnnie Utah
Sent: Wednesday, July 23, 2008 12:05 AM
To: ccielab@groupstudy.com
Subject: Wacky NAT scenario - AUX port + reverse telnet + VPN

Experts,

I have a fairly obscure scenario that I'm trying to build a solution
for...First, a diagram:

Subnet A ----------[router A]----------VPN------------[router B]---------Subnet B

Here is the initial requirement:

1. Create VPN between routers A&B over dialup on PSTN (done)
2. Connect Modbus enabled device to AUX port of router B and access it
on port 4001 (done)

Here is the problem I am trying to solve - there are (2) applications
originating from subnet A that are used to access the Modbus device
hanging off router B with different destination port numbers.

- Application 1 can adjust the destination port to anything, i.e. TCP
4001 - this is tested and it works, the reverse telnet works fine.
- Application 2 is fixed at trying to connect to destination port TCP 502.

What I'm trying to accomplish is basic port translation - i.e.
192.168.0.1:502 ---> 192.168.0.1:4001. In my particular scenario, the
IP address is the fa0/0 ip address of router B.

I have tried several NAT scenarios including NAT on a stick, the "ip
nat inside source tcp x.x.x 502 x.x.x.x 4001 ext" and an array of
other permutations with limited results. Has anyone else on this
mailer attempted to port translate with reverse telnet? Am I missing
something obvious such as an ip alias to the desired port?

Much appreciated...

JU

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART