• Status: Solved

1811 Route/Forward Question

Hiya All,

I need to sort out a routing problem and I am a little lost.

We have a 1811 router set up between us and another company, and one of the subnets is accessed by both companies – more like a DMZ between the two of us.

The problem I have is I need to get them access to one of my terminal servers that is on a different subnet.

Terminal Server 10.10.20.30

What I would like to do is take one of the IP addresses on the shared subnet (10.10.50.30) and, if someone directs traffic to it, forward that to 10.10.20.30.

So here are the networks:

10.10.28.x (mine)
10.50.1.x (them)
10.10.50.x (shared)

Here is the config…

!This is the running config of the router: 10.10.28.240
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname atms-pme-1811-1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
!
!
ip name-server 10.10.28.1
ip inspect audit-trail
ip ips notify SDEE
!
!
crypto pki trustpoint tti
 revocation-check crl
 rsakeypair tti
!
crypto pki trustpoint TP-self-signed-366126990
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-366126990
 revocation-check none
 rsakeypair TP-self-signed-366126990
!
!
crypto pki certificate chain tti
crypto pki certificate chain TP-self-signed-366126990
 certificate self-signed 01
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  quit
username XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
 encr 3des
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group ATMS
 dns 10.10.28.1
 domain XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 pool SDM_POOL_1
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
interface FastEthernet0
 description $FW_INSIDE$$ETH-LAN$
 ip address 10.10.28.240 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description $FW_OUTSIDE$$ETH-LAN$
 ip address 10.10.50.250 255.255.255.0
 ip verify unicast reverse-path
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 ip address 10.50.1.250 255.255.255.0
!
interface Async1
 no ip address
 encapsulation slip
!
ip local pool SDM_POOL_1 10.10.50.210 10.10.50.220
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.28.254 permanent
ip route 10.0.0.0 255.0.0.0 FastEthernet0 permanent
ip route 10.10.50.0 255.255.255.0 FastEthernet1 permanent
ip route 10.50.1.0 255.255.255.0 10.50.1.1 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
no logging trap

!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
no scheduler allocate
ntp clock-period 17180411
ntp update-calendar
ntp server 10.10.28.1 source FastEthernet0
end


Asked by: dehmerl
 
Scotty_cisco Commented:
What I would like to do is take one of the IP addresses on the shared subnet (10.10.50.30) and, if someone directs traffic to it, forward that to 10.10.20.30.

OK, in the router you put the ip nat outside on the shared network 10.10.50.x and inside on the 10.10.20.x network. Then in the router put the following.

ip nat inside source static 10.10.20.30 10.10.50.30

The router will then, or should, answer for the 10.10.50.30 (as long as the actual device does not) and forward the data to the 10.10.20.30.

Thanks
Scott
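
The static NAT from the answer, written out against the interfaces in the posted config and narrowed to a single service; this is an added example, not part of the original answer. IOS takes the inside local address (the real server) first and the inside global address (the shared-subnet alias) second. Assumptions: the terminal server speaks RDP on TCP 3389, clients arrive on FastEthernet1, and the ACL name SHARED-IN is made up for illustration.

```cisco
! FastEthernet0 already carries "ip nat inside" in the posted config.
!
! Whole-host form, as in the answer: every protocol and port sent to
! 10.10.50.30 is delivered to the terminal server.
!   ip nat inside source static 10.10.20.30 10.10.50.30
!
! Narrower form: publish only the terminal-services port
! (assumed here to be RDP, TCP 3389).
ip nat inside source static tcp 10.10.20.30 3389 10.10.50.30 3389
!
! Inbound ACLs are evaluated before outside-to-inside NAT, so the rules
! match the shared-subnet address, not 10.10.20.30.
! SHARED-IN is a hypothetical name.
ip access-list extended SHARED-IN
 permit tcp 10.10.50.0 0.0.0.255 host 10.10.50.30 eq 3389
 deny   ip any host 10.10.50.30 log
 permit ip any any
!
! Mark the shared subnet as the NAT outside and filter what enters it.
interface FastEthernet1
 ip nat outside
 ip access-group SHARED-IN in
!
! Verification from exec mode:
!   show ip nat translations
!   show ip nat statistics
!   show access-lists SHARED-IN
```

Translation only happens for packets that enter on an interface marked ip nat outside, so if the other company's 10.50.1.x hosts reach the router on a different interface, that interface needs the same treatment.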
 
dehmerl (Author) Commented:
This seems to be doing the job!