Destination NAT on Cisco 876?

Imagine the following scenario:

   10.0.0.1/24   .254 |-----------+ dyn. IP
  +-------+-----------+ Cisco 876 +--------- Internet (PPPoE)
  |       |           |-----------+
  |       |
Host 1  Host2
 .1      .2

The Problem:
------------

Host 1 should be reachable from the Internet over port 22. Since the outside IP address of the Cisco 876 is allocated dynamically, it registers this address at dyndns.org. And so far, everything's working fine. The problem occurs if Host2 tries to connect to Host1 by using its DynDNS name (which resolves to the outside IP address of the 876): the SSH connection takes place with the 876 and NOT with Host1. Is there any known possibility to get that working?

I thought of something like dnat on the PIX, which translates destination addresses, but I did not manage it yet.

TIA, Martin

Reply to
Martin Turba

Please post your NAT config...

B.R. Igor

Reply to
Igor Mamuzic

Hello,

Martin Turba wrote:

I have exactly the same problem... (and didn't find any issue yet)

Reply to
Alni

Can be done via route-map and a loopback interface. Set a different next-hop interface according to the source interface to circumvent NAT.

Reply to
Uli Link

Hello,

Uli Link just wrote:

Any config example?

Reply to
Alni

Thanks, Uli. I'll try that in our lab next week. If I am successful, I'll post a configuration example here.

Martin

Reply to
Martin Turba

Something like this?

ip nat inside source static tcp 10.0.0.1 22 interface [outside-if-name-here] 22 extendable

Be sure to disable ssh on the 876 itself and that any access lists permit port 22 from the internet. (crypto key zeroize rsa, to disable ssh)

erik

Reply to
Erik Tamminga
