[c-nsp] console nat?
Janet Sullivan
ciscogeek at bgp4.net
Sun Jul 10 16:30:30 EDT 2005
Janet Sullivan wrote:
> I have a Cisco 2511 that is being used as a console server for other
> routers. For the sake of this explanation, its IP is 192.168.23.200.
> What I want to do is set up some sort of NAT translation on the 2511, so
> the following will happen:
>
> telnet to 192.168.23.201 - connect to console of first router
> telnet to 192.168.23.202 - connect to console of second router
> etc.

Well, I guess I'll answer my own question, although I'm certainly
interested in a more elegant way to do this.

First, I decided it would be simpler with a separate subnet for the
console IP addresses. So, I added a loopback interface on the 2511 with
an IP of 10.0.0.17/27.

Then, I made sure 10.0.0.0/27 is now routed to the 2511.

Then, I made e0 ip nat outside, and lo0 ip nat inside.

After that, I added the following:

ip nat inside source static tcp 192.168.23.200 2001 10.0.0.1 23
ip nat inside source static tcp 192.168.23.200 2002 10.0.0.2 23
ip nat inside source static tcp 192.168.23.200 2003 10.0.0.3 23
...
ip nat inside source static tcp 192.168.23.200 2016 10.0.0.16 23

Now, when I telnet to 10.0.0.1 I get the first console port, and so on.
I can now use DNS to identify the IP address for the console of each
router.

It took me a while to get my brain around the fact that when coming from
outside to inside "ip nat inside source" would in fact translate the
destination IP and port of the packet. I still find Cisco's NAT
implementation to be weird.
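
The translation direction described in the post, as an added example that is not part of the original message: Python that parses `ip nat inside source static` lines, applies the destination rewrite to a packet arriving on the outside interface, and audits the port-to-address pattern the post uses. The function names are hypothetical, and the sample config holds the four entries shown in the post plus one constructed, deliberately inconsistent line.

```python
import re

# Constructed sample: the four entries shown in the post, plus one
# deliberately inconsistent line (hypothetical) to exercise the audit.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.23.200 2001 10.0.0.1 23
ip nat inside source static tcp 192.168.23.200 2002 10.0.0.2 23
ip nat inside source static tcp 192.168.23.200 2003 10.0.0.3 23
ip nat inside source static tcp 192.168.23.200 2016 10.0.0.16 23
ip nat inside source static tcp 192.168.23.200 2005 10.0.0.4 23
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)\s*$"
)

def parse_static_nat(config):
    """Return (proto, local_ip, local_port, global_ip, global_port) tuples."""
    entries = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, lip, lport, gip, gport = m.groups()
            entries.append((proto, lip, int(lport), gip, int(gport)))
    return entries

def translate_inbound(entries, proto, dst_ip, dst_port):
    """Destination rewrite for a packet arriving on the outside interface."""
    # Outside-to-inside traffic matches the global side; dst becomes the local side.
    for p, lip, lport, gip, gport in entries:
        if (p, gip, gport) == (proto, dst_ip, dst_port):
            return lip, lport
    return None  # no static entry: destination is left untranslated

def audit(entries, base_port=2000):
    """Flag entries that break the post's pattern 10.0.0.N:23 -> port 2000+N."""
    problems, seen = [], set()
    for p, lip, lport, gip, gport in entries:
        n = int(gip.rsplit(".", 1)[1])
        if lport != base_port + n:
            problems.append(f"{gip}:{gport} maps to port {lport}, expected {base_port + n}")
        if (p, gip, gport) in seen:
            problems.append(f"duplicate global {gip}:{gport}")
        seen.add((p, gip, gport))
    return problems
```

Running `audit(parse_static_nat(...))` over a saved configuration gives a quick list of which console address reaches which port, which is worth reviewing since each entry exposes a router console over telnet.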