Hm-router Configuration for TP
650) this.width=650; "title=" clip_image002 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/M01/7D/09/wKioL1be8xqCg3MbAACGFZYCPvI261.jpg "height=" "border=" 0 "/>
Objective: To allow the extranet to access the FTP server [10.1.1.2]/telnet (here for testing purposes, using Telnet), which spans 2 Router
++++CNSO-TP01 Configuration +++++
Conf t
Service Timestamps debug datetime localtime Show-timezone msec
Service Timestamps log datetime localtime Show-timezone msec
Service Password-encryption
Service Sequence-numbers
Service tcp-keepalives-in
Service Tcp-keepalives-out
No IP HTTP Server
No IP http secure-server
No service config
No logging console
No logging monitor
Password encryption AES
Key Config-key Password-encrypt xxxxx
IP domain name hm.com
IP name-server 8.8.8.8 8.8.8.4
Hostname CNSO-TP01
IP CEF
IP multicast-routing
!
!
Crypto key generate RSA
1024
!
!
!
IP SSH version 2
IP SSH authentication-retries 3
!
!
!
Username xxxx priv Password 0 xxxx
Enable Secret 0 xxxxx
Line vty 0 4
Transport input All
Exec-timeout 15 0
Logging synchronous
Login Local
Exit
Banner EXEC #
*****************************************************************
*unauthorized ACCESS to this DEVICE is prohibited *
*you must has explicit, authorized permission to access or *
*configure this device. Unauthorized attempts and actions to *
*access or use the system may result in civil and/or criminal *
*penalties. All activities performed in this device is logged *
*and monitored. *
*****************************************************************#
!
!
!
Interface f0/0
Description * * * TP WAN INTERFACE * * *
IP address 12.1.1.2 255.255.255.0
No shut
Exit
Interface Vlan 1
Description * * * LAN INTERFACE * * *
IP address 192.168.1.1 255.255.255.0
No shut
Exit
!
!
Service DHCP
IP DHCP Pool HM-CN
Network 192.168.1.0 255.255.255.0
Default-router 192.168.1.1
Netbios-node-type H-node
Dns-server 8.8.8.8 8.8.4.4
Domain-name hm.com
Lease 3
Exit
IP dhcp excluded-address 192.168.1.1 192.168.1.10
!
!
IP route 0.0.0.0 0.0.0.0 f0/0 12.1.1.1
Access-list 1 Permit 192.168.1.0 0.0.0.255
IP nat inside source List 1 interface f0/0 overload
IP nat inside source static TCP 192.168.1.11 23 int f0/0
!
!
Interface f0/0
IP Nat Outside
No CDP Enable
No shut
Exit
Interface Vlan 1
IP nat Inside
CDP Ena
No shut
Exit
!
Test results:
You can telnet R4 outside.
650) this.width=650; "title=" clip_image004 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/M02/7D/0B/wKiom1be8pmiMuDKAADv0bmq-R4637.jpg "height=" 303 "border=" 0 "/>
Cnso-tp01#sh IP NAT Translations
Pro Inside Global Inside local Outside local Outside global
TCP 12.1.1.2:23 192.168.1.11:23 15.1.1.5:24113 15.1.1.5:24113
TCP 12.1.1.2:23 192.168.1.11:23 15.1.1.5:40245 15.1.1.5:40245
TCP 12.1.1.2:23 192.168.1.11:23------
======= above simulation test can enter CNSO-TP01 router=================
Cnso-tp01 (config) #ip Route 10.1.1.0 255.255.255.0 VLAN 1
Cnso-tp01 (config) #no IP nat inside source static TCP 192.168.1. 23 int f0/0
Cnso-tp01 (config) #ip nat inside source static TCP 192.168.1. f0/0 int 23
CT (config) #int F0/1
CT (config-if) #ip Nat outside
CT (config-if) #int f0/0
CT (config-if) #ip nat inside
CT (config-if) #exit
CT (config) #access-list 1 Permit 10.1.1.0 0.0.0.255
CT (config) #ip nat inside source List 1 interface F0/1 overload
CT (config) #ip nat inside source static TCP 10.1.1.2 23 int F0/1
The test was successful as follows:
650) this.width=650; "title=" clip_image006 "style=" Border-top:0px;border-right:0px;border-bottom:0px;border-left : 0px; "alt=" clip_image006 "src=" http://s3.51cto.com/wyfs02/M02/7D/09/wKioL1be8xvD9bz_AAB_dEIKdiU763.jpg "height=" 238 "border=" 0 "/>
Cnso-tp01#sh IP NAT Translations
Pro Inside Global Inside local Outside local Outside global
TCP 12.1.1.2:23 192.168.1.10:23 15.1.1.5:26987 15.1.1.5:26987
TCP 12.1.1.2:23 192.168.1.10:23------
Ct#sh IP NAT Translations
Pro Inside Global Inside local Outside local Outside global
ICMP 192.168.1.10:3 10.1.1.2:3 192.168.1.1:3 192.168.1.1:3
TCP 192.168.1.10:23 10.1.1.2:23 15.1.1.5:26987 15.1.1.5:26987
TCP 192.168.1.10:23 10.1.1.2:23------
Summary: Learn to be pragmatic!
This article from the "Erick" blog, declined to reprint!
[Actual]hm-router configuration for TP,