View: 1810|Reply: 0

IP NAT outside / inside source problem

[Copy link]

0

Threads

0

Posts

0

Credits

Guest

Credits
0
Post time 21-7-2021 17:16:27 | Show all posts |Read mode


7  Hours ago upload
2) Experimental purpose: rx1 device can telnet rx2 device through 10.10.10.254
3) Specific configuration
Rx1 configuration:

interface f0/0
ipadd 172.168.1.1 255.255.255.252
ipnat inside
interface loopback 0
ipadd 10.10.10.1 255.255.255.0
ipnat outside
ip nat inside sourcestatic tcp 20.20.20.1 23 10.10.10.254 23
ip route 20.20.20.0255.255.255.0 172.168.1.2


Rx2 configuration:
interface f0/0
ipadd 172.168.1.2 255.255.255.252
interface loopback 0
ipadd 20.20.20.1 255.255.255.0
ip route 10.10.10.0255.255.255.0 172.168.1.1
line vty 0 4
password cisco


login
4) Results: rx1 could not implement telnet rx2 device through 10.10.10.254
5) Correction method: add a new command on rx1 device: IP NAT outside source static10.10.10.110.10.10.254
6) Question: if the IP address of 10.10.10.254 is replaced by the FA0 / 0 address of rx2, the above IP NAT outside need not be added. Why add this command?
7) Here are some of my personal understanding, please help to see if there is deviation in understanding, thank you!
Some personal understandings - 1: from the process of rx1 - rx2, dip (10.10.10.254:23) SIP (10.10.10.1: any), to the outside port, NAT first and then look up the routing table, and the changed IP packet header information is dip(20.20.20.1:23)SIP(10.10.10.1:any); Next, go back to rx2 - "rx1, dip (10.10.10.1: any) SIP (20.20.20.1:23) and get to the inside port. Check the route first and then NAT. The changed IP packet header information is dip (10.10.10.1: any) SIP (20.20.20.1:23). At this time, I feel that dip‘s 10.10.1 is accessible and there is no routing problem. I think the packet can reach rx1, The final result of the experiment is that the TCP connection of Telnet cannot be created. What‘s the reason?
Some personal understandings - 2: IP NAT inside sourc: convert the inside global address to inside local for dip in the direction of ouside - "inside", and convert the inside local address to inside global for SIP in the direction of inside - "outside".
Personal understanding - 3: inside global: 10.10.10.254, inside local: 20.20.20.1, outside global: 10.10.10.1, outside local: 10.10.10.254


Reply

Use magic Report

You have to log in before you can reply Login | Register Now

Points Rules

Quick Reply Contact us with Skype Contact us with Whastsapp Contact us with Telegram Contact us with Line Contact us with Line Contact us with Line Contact us with Line To Top Return to the list