Static Route Question?

yemaya

Technical User
Sep 13, 2006
Hi,

I want to check with you guys the best way to route the traffic coming from internet to a specific interface in Router-A and then to the Router-B (access server), here is the pic:

staticrouteid3.jpg


I have this NAT statement in Router-A:

ip nat inside source static 192.168.200.2 206.53.50.230

Thanks in Advance.
 
Hi plshlpme,

The problem right now is that I'm using PuTTY to connect to my gateway router (R1) and I can't do it. I get this error:

Code:
putty fatal error

Network Error: Connection time out

When I ping the static IP address 206.xx.xx.230 I only get time outs; the only IP address I ping and get a result from is the first IP address in my block (206.xx.xx.224).

Do you think my NAT statements in Router 1 are incomplete? Here are the NAT statements:

Code:
ip nat pool IP-BLOCK 206.xx.xx.225 206.xx.xx.226 netmask 255.255.255.248
ip nat inside source list NAT pool IP-BLOCK overload
ip nat inside source static tcp 192.168.2.5 4577 interface Dialer0 4577
ip nat inside source static udp 192.168.2.5 42337 interface Dialer0 42337
ip nat inside source static 192.168.200.2 206.xx.xx.230
ip nat inside source static tcp 192.168.200.2 22 206.xx.xx.230 22 extendable
!
ip access-list standard NAT
 permit 192.168.1.0 0.0.0.255
 permit 192.168.2.0 0.0.0.255
 permit 192.168.3.0 0.0.0.255
 permit 192.168.4.0 0.0.0.255
 permit 192.168.5.0 0.0.0.255
 permit 192.168.200.0 0.0.0.255

Thanks in advance.
 
well you have these two statements

ip nat inside source static 192.168.200.2 206.xx.xx.230
ip nat inside source static tcp 192.168.200.2 22 206.xx.xx.230 22 extendable

the second one is redundant.. as the one before is a static one to one mapping..

they look ok as long as you're allowing port 22 on your acl inbound on that interface..

do you have the static route on your router b facing router a?
 
Hi plshlpme,

Do I need to add this to my WAN access list?
Code:
permit tcp any host 206.xx.xx.230 eq 22

Yes, I have the static route that you told me about before in router 2:

Code:
ip route 0.0.0.0 0.0.0.0 192.168.200.1


Thanks in advance.
 
ya you will need that in your access-list inbound on your wan link
 
Hi plshlpme;

Nothing, I can't access my access server (R2) from outside. I tried everything and nothing works. Can you please check my configuration again?

Router1:

NAT Configuration:

Code:
ip nat pool IP-BLOCK 206.xx.xx.225 206.xx.xx.226 netmask 255.255.255.248
ip nat inside source list NAT pool IP-BLOCK overload
ip nat inside source static tcp 192.168.2.5 4577 interface Dialer0 4577
ip nat inside source static udp 192.168.2.5 42337 interface Dialer0 42337
ip nat inside source static 192.168.200.2 206.xx.xx.230
ip nat inside source static tcp 192.168.200.2 22 206.xx.xx.230 22 extendable
!
ip access-list standard NAT
 permit 192.168.1.0 0.0.0.255
 permit 192.168.2.0 0.0.0.255
 permit 192.168.3.0 0.0.0.255
 permit 192.168.4.0 0.0.0.255
 permit 192.168.5.0 0.0.0.255
 permit 192.168.200.0 0.0.0.255

ACL Config:

Code:
ip access-list extended WAN
 permit tcp any host 206.53.50.230 eq 22

Code:
!
interface Vlan1
 ip address 192.168.200.1 255.255.255.0
!         
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!

Router2:

Code:
interface Ethernet0/0
 description CONNECTED TO GATEWAY
 ip address 192.168.200.2 255.255.255.0
 full-duplex
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1 permanent
!

Do I have to set up SSH in router 1 as well or just in router 2?

Thanks in advance.
 
you might as well post the whole configs for both routers.. that way we can look at it properly.
making sure things are applied properly etc.
 
Hello Yemaya
As I told you before: save your main config to a safe place, then erase your config. Build a simple configuration using the default telnet with port 23; that will get you into Router B. Then afterwards you can start using SSH and putting on your ACLs, testing as you go to find the problem. This is the best solution for your case.
Regards





 
Hi Guys,

Thanks for your help, I can now connect to my access server remotely via SSH. After a few days of looking at the configuration in my gateway router I noticed that I didn't put this cmd: IP NAT INSIDE under interface vlan1. After adding this cmd everything is working. Again, thank you guys.

Thanks.
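
An added example, not part of the original thread: a Python check for the fault found above, where a static NAT mapping exists but the interface connected to the inside host has no `ip nat inside`. The sample config is constructed from the Router1 lines posted in the thread, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the Router1 lines posted in the thread, before the fix.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.200.1 255.255.255.0
!
ip nat inside source static tcp 192.168.2.5 4577 interface Dialer0 4577
ip nat inside source static 192.168.200.2 206.xx.xx.230
ip nat inside source static tcp 192.168.200.2 22 206.xx.xx.230 22 extendable
"""
STATIC_RE = re.compile(
    r"^ip nat inside source static (?:(?:tcp|udp) )?(\d+\.\d+\.\d+\.\d+)\b", re.M)

def parse_interfaces(config):
    """Map interface name -> {'network': connected subnet, 'nat': inside/outside/None}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), {"network": None, "nat": None})
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the interface stanza
        elif current is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) >= 4:
                try:
                    current["network"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
                except ValueError:
                    pass  # not a dotted address and mask, so no usable subnet
            elif words[:2] == ["ip", "nat"] and words[2:] in (["inside"], ["outside"]):
                current["nat"] = words[2]
    return interfaces

def check_static_nat(config):
    """Return findings for static inside-local hosts whose interface lacks 'ip nat inside'."""
    interfaces = parse_interfaces(config)
    hosts = sorted({ipaddress.ip_address(m.group(1)) for m in STATIC_RE.finditer(config)})
    findings = []
    for host in hosts:
        connected = [name for name, intf in interfaces.items()
                     if intf["network"] is not None and host in intf["network"]]
        if not connected:
            findings.append(f"{host}: no connected interface in this config")
        findings += [f"{host}: interface {name} lacks 'ip nat inside'"
                     for name in connected if interfaces[name]["nat"] != "inside"]
    return findings

if __name__ == "__main__":
    print("\n".join(check_static_nat(SAMPLE_CONFIG)))
```

The 192.168.2.5 finding only reflects that its interface was not among the lines posted; the check covers directly connected inside hosts, not subnets reached through another router.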
 