port forwarding on cisco router

aueddonline Member Posts: 611
I have a few subnets at my house with a Linksys ADSL. Directly connected to the Linksys router is the internet and the 192.168.2.0/24 subnet. I also have a Cisco router on the subnet which I normally forward all ssh traffic to.

My question is: Could I forward something like RDP to the Cisco router and then forward it again to a subnet beyond the Cisco router?
What's another word for Thesaurus?

Comments

  • Plazma Member Posts: 503
    Could you clarify why you want to do this.. like what are you trying to do? And also explain your ssh forwarding setup and why that is. That will help illustrate what you're really trying to do.
    CCIE - COMPLETED!
  • aueddonline Member Posts: 611
    Plazma wrote:
    Could you clarify why you want to do this.. like what are you trying to do? And also explain your ssh forwarding setup and why that is. That will help illustrate what you're really trying to do.


    I have a fixed IP at my house, so when I ssh to my external address from the internet it takes me to the Cisco lab, because any traffic coming in on port 22 gets forwarded to the Cisco router.

    I would like to do the same thing with my server, but it is located within the lab on a different subnet, so the port forwarding I use on my ADSL router will not forward to that address. So I was wondering if I could forward RDP ports to the Cisco router and then have it forward the traffic to the server.
    What's another word for Thesaurus?
  • aueddonline Member Posts: 611
    GT-Rob wrote:
    Yes you could.


    could you point me in the right direction Rob
    What's another word for Thesaurus?
  • GT-Rob Member Posts: 1,090
    haha I just wrote something out based on RTP, but saw you said RDP. lol


    Anyway, that shouldn't be a problem. Forward RDP (port 3389) on the Linksys to the router. Then set up NAT (which it sounds like is already there) to statically forward that port to whatever IP your server is. This way 1.1.1.1:22 gets passed to your router and stays there, where 1.1.1.1:3389 gets passed to your router, then to your server (1.1.1.1 being your internet IP here).


    You could always put your Cisco router first if you want to have more/better control, but it should work either way.


    Look up Static NAT on Cisco.com and you will get tons of config examples.
  • Plazma Member Posts: 503
    This should help illustrate the concepts you're after:


    http://www.azureuswiki.com/index.php/Router_configuration#Cisco_IOS
    CCIE - COMPLETED!
  • dtlokee Member Posts: 2,378
    You can use the rotary command under the line configuration mode to change the SSH port.
    The only easy day was yesterday!
  • aueddonline Member Posts: 611
    Ok, I think this is the right command. I'll have to do some tests with it tomorrow.

    ip nat inside source static tcp 'adsl IP' 3389 'server ip' 3389 extendable

    not sure if I need to configure inside and outside interfaces?
    What's another word for Thesaurus?
  • dtlokee Member Posts: 2,378
    You will need nat inside and outside to make it work.
    The only easy day was yesterday!
  • aueddonline Member Posts: 611
    Ok, so I'm having a bit of trouble with this. Using the question mark, it seems I had the addresses the wrong way round before. This is the way I have it configured, with 172.16.1.2 being the server and 192.168.1.100 being the Cisco interface the ADSL router is forwarding to.

    R1-2691(config)#ip nat inside source static tcp 172.16.1.2 ?
    <1-65535> Local UDP/TCP port

    R1-2691(config)#ip nat inside source static tcp 172.16.1.2 3389 ?
    A.B.C.D Inside global IP address
    interface Specify interface for global address

    R1-2691(config)#$de source static tcp 172.16.1.2 3389 192.168.1.100 ?
    <1-65535> Global UDP/TCP port

    R1-2691(config)#ip nat inside source static tcp 172.16.1.2 3389 192.168.1.100 3389 ?
    extendable Extend this translation when used
    mapping-id Associate a mapping id to this mapping
    no-alias Do not create an alias for the global address
    no-payload No translation of embedded address/port in the payload
    redundancy NAT redundancy operation
    route-map Specify route-map
    vrf Specify vrf
    <cr>

    R1-2691(config)#ip nat inside source static tcp 172.16.1.2 3389 192.168.1.100 3389
    R1-2691(config)#


    doesn't seem to work
    What's another word for Thesaurus?
  • dtlokee Member Posts: 2,378
    What does the translations table look like? Is there an access-list on the outside interface?
    The only easy day was yesterday!
  • aueddonline Member Posts: 611
    dtlokee wrote:
    what does the translations table look like? Is there an access-list on the outside interface?

    no ACL, translation table ?
    What's another word for Thesaurus?
  • dtlokee Member Posts: 2,378
    show ip nat translations
    The only easy day was yesterday!
  • aueddonline Member Posts: 611
    R1-2691#show ip nat translations
    Pro Inside global          Inside local       Outside local      Outside global
    tcp 192.168.1.100:3389     172.16.1.2:3389    ---                ---
    R1-2691#
    What's another word for Thesaurus?
  • aueddonline Member Posts: 611
    some more info that might help

    when I use the following config I can't RDP from my 192.16.1.0/24 subnet and the show ip nat statistics readout changes, but if I get rid of the static nat entry it works fine.

    ip nat inside source static tcp 172.16.1.1 3389 192.168.1.100 3389 extendable
    !
    interface FastEthernet0/1
    ip address 172.16.1.100 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    speed 100
    full-duplex
    interface FastEthernet0/0
    ip address 192.168.1.100 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto

    *Mar 1 14:58:18.850: NAT*: s=172.16.1.1->192.168.1.100, d=192.168.1.102 [21764]
    *Mar 1 14:58:21.850: NAT*: s=172.16.1.1->192.168.1.100, d=192.168.1.102 [21768]
    *Mar 1 14:58:27.850: NAT*: s=172.16.1.1->192.168.1.100, d=192.168.1.102 [21770]

    *Mar 1 14:59:27.910: NAT: expiring 192.168.1.100 (172.16.1.1) tcp 3389 (3389)
    What's another word for Thesaurus?
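
Added example (not part of the original thread and not any poster's configuration): the two-hop forward GT-Rob describes, written out as one IOS configuration with the inside/outside roles dtlokee mentions, using the addresses quoted in the thread (172.16.1.2 as the server, 192.168.1.100 as the router's outside interface). The ACL name RDP-IN and the permitted client 203.0.113.10 are constructed placeholders; the ACL limits which source may reach the forwarded RDP port.

```cisco
! Added example; addresses are the ones quoted in the thread.
! Assumption: the Linksys forwards TCP 3389 to 192.168.1.100 and keeps the
! original source address, so the ACL below sees the real client IP.
!
interface FastEthernet0/0
 description Outside: faces the Linksys ADSL router
 ip address 192.168.1.100 255.255.255.0
 ip nat outside
 ip access-group RDP-IN in
!
interface FastEthernet0/1
 description Inside: lab subnet holding the server
 ip address 172.16.1.100 255.255.255.0
 ip nat inside
!
! Static port translation: inside local 172.16.1.2:3389 is published as
! inside global 192.168.1.100:3389 (local address first, global second).
ip nat inside source static tcp 172.16.1.2 3389 192.168.1.100 3389 extendable
!
! Inbound ACLs on the outside interface are checked before NAT, so the
! destination matched here is the global address, not 172.16.1.2.
! 203.0.113.10 is a constructed placeholder for the one permitted client.
ip access-list extended RDP-IN
 permit tcp host 203.0.113.10 host 192.168.1.100 eq 3389
 deny   tcp any host 192.168.1.100 eq 3389 log
 permit ip any any
!
! Assumption: the server's default gateway is 172.16.1.100, so replies
! return through this router and are translated back on the way out.
!
! Verify from exec mode:
!   show ip nat translations
!   show ip access-lists RDP-IN
```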