Sunday, August 17, 2008

NAT - Port forwarding telnet

Here is the topology:


R1 and R3 are on the network.
R3 and R4 are on the network.
R4 and R5 are on the network.

The goal of this scenario is:

R1 uses R4's address and port 23 to telnet to R4.
R1 uses R4's address and port 3001 to telnet to R5.
R1 has no knowledge of the R4-R5 network, so NAT is necessary.
R5 uses R4 as default route.

When R1 enters "telnet" it should enter R4.
When R1 enters "telnet 3001" it should enter R5.

First set up R4 and R5 for vty access. Remember to use the rotary command on R5: rotary group 1 makes that line answer on TCP port 3001 (3000 plus the group number).

R4(config)#line vty 0 4
R4(config-line)#password cisco

R5(config)#line vty 5
R5(config-line)#rotary 1
R5(config-line)#password cisco

Also make R4's interface to R3 "ip nat outside", and R4's interface to R5 "ip nat inside."

On R4 we only need one more command now:

R4(config)#ip nat inside source static tcp 3001 3001

Now let's try it:

Trying ... Open

User Access Verification


Perfect, we are in R4 now. Let's exit and try port 3001:

R1#telnet 3001
Trying, 3001 ... Open

User Access Verification


We are in R5 here. This was a lot easier than I thought :)
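The static translation above forwards port 3001 on R4's outside address to R5's vty for any source that can reach R4, and telnet carries the password in cleartext. The following is an added example, not part of the original post, that limits both forwarded logins to R1. The addresses (192.0.2.1 for R1, 198.51.100.4 for R4's outside address), the interface name FastEthernet0/0 and the ACL name and number are placeholders, since the lab's own values are not shown on the page.

```cisco
! Added example. All addresses and the interface name are placeholders:
!   192.0.2.1     = R1's source address (assumed)
!   198.51.100.4  = R4's address on the R3-facing "ip nat outside" interface (assumed)
!   Fa0/0         = that outside interface on R4 (assumed)
!
! --- R4: filter at the outside interface --------------------------------
! An inbound ACL on the outside interface is evaluated before the
! outside-to-inside NAT translation, so it must match R4's own address
! and port 3001, not R5's inside address.
R4(config)#ip access-list extended OUTSIDE-IN
R4(config-ext-nacl)#remark telnet to R4 itself, only from R1
R4(config-ext-nacl)#permit tcp host 192.0.2.1 host 198.51.100.4 eq 23
R4(config-ext-nacl)#remark forwarded telnet to R5 (rotary 1), only from R1
R4(config-ext-nacl)#permit tcp host 192.0.2.1 host 198.51.100.4 eq 3001
R4(config-ext-nacl)#remark log and drop every other attempt on either port
R4(config-ext-nacl)#deny tcp any host 198.51.100.4 eq 23 log
R4(config-ext-nacl)#deny tcp any host 198.51.100.4 eq 3001 log
R4(config-ext-nacl)#remark leave all other traffic (routing, transit) alone
R4(config-ext-nacl)#permit ip any any
R4(config-ext-nacl)#exit
R4(config)#interface FastEthernet0/0
R4(config-if)#ip access-group OUTSIDE-IN in
R4(config-if)#end
!
! --- R5: second check on the vty line itself ----------------------------
! The static NAT entry rewrites only the destination, so R5 still sees
! R1's real source address and can filter on it.
R5(config)#access-list 10 permit host 192.0.2.1
R5(config)#line vty 5
R5(config-line)#access-class 10 in
R5(config-line)#end
!
! --- Verify -------------------------------------------------------------
! Hit counters on the permit/deny lines show who is reaching the ports;
! the translation table shows the 3001 mapping in use.
R4#show access-lists OUTSIDE-IN
R4#show ip nat translations
R5#show access-lists 10
```

After applying this, repeat both telnet tests from R1 to confirm they still open, then check that the counters on the permit lines increase.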
