Sharing Ilmu

Sharing for useful things

How to remote Devices inside NATed Network

As a network engineer you often need to access your devices remotely, but your connection has only one public address on the router and the other devices are NATed behind it. How can we reach them?

In this tutorial I'll explain how to do that: we can use static NAT with custom port numbers. Here's the topology used:

 

Based on the topology above, I have one router for public access and three switches in the local network.

First we need to configure addresses on each device:

ROUTER :

Configuration IP Address

Router(config)#hostname MyRouter
MyRouter(config)#int e0/0
MyRouter(config-if)#no shut
MyRouter(config-if)#ip add 172.16.92.130 255.255.255.0
MyRouter(config-if)#int e0/1
MyRouter(config-if)#ip add 172.30.10.1 255.255.255.0
MyRouter(config-if)#no shut
MyRouter(config-if)#exit
MyRouter(config)#ip route 0.0.0.0 0.0.0.0 172.16.92.2

Configuration user & Remote access :

MyRouter(config)#ip domain-name taufiknurhuda.web.id
MyRouter(config)#username admin priv 15 sec 123
MyRouter(config)#crypto key generate rsa gen modulus 2048
MyRouter(config)#line vty 0 4
MyRouter(config-line)#login local
MyRouter(config-line)#transport input ssh
MyRouter(config-line)#exit

SWITCH :

Switch(config)#hostname CORE
CORE(config)#int range e0/0-2
CORE(config-if-range)#switchport trunk encap dot1q
CORE(config-if-range)#switchport mode trunk
CORE(config-if-range)#exit
CORE(config)#int vlan 1
CORE(config-if)#no shutdown
CORE(config-if)#ip add 172.30.10.2 255.255.255.0
CORE(config-if)#exit
CORE(config)#ip routing
CORE(config)#ip route 0.0.0.0 0.0.0.0 172.30.10.1

Switch(config)#hostname SW-A
SW-A(config)#int e0/0
SW-A(config-if)#switchport trunk encap dot1q
SW-A(config-if)#sw mode trunk
SW-A(config-if)#exit
SW-A(config)#int vlan 1
SW-A(config-if)#no shut
SW-A(config-if)#ip add 172.30.10.3 255.255.255.0
SW-A(config-if)#exit
SW-A(config)#ip default-gateway 172.30.10.1

Switch(config)#hostname SW-B
SW-B(config)#int e0/0
SW-B(config-if)#sw trunk encap dot1q
SW-B(config-if)#sw mode trunk
SW-B(config-if)#exit
SW-B(config)#int vlan 1
SW-B(config-if)#no shut
SW-B(config-if)#ip add 172.30.10.4 255.255.255.0
SW-B(config-if)#exit
SW-B(config)#ip default-gateway 172.30.10.1

 

Configure user & remote access for all switches

(config)#ip domain-name taufiknurhuda.web.id
(config)#crypto key gen rsa gen mod 2048
(config)#username admin priv 15 sec 123
(config)#line vty 0 4
(config-line)#login local
(config-line)#transport input ssh
(config-line)#exit

 

Configure NAT access on the router:

Router(config)#ip access-list standard LAN
Router(config-std-nacl)#permit 172.30.10.0 0.0.0.255
Router(config-std-nacl)#exit
Router(config)#int e0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#int e0/1
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source list LAN interface e0/0 overload

 

Test connection on switch :

CORE#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 21/23/29 ms
CORE#

 

SW-A#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 34/210/819 ms
SW-A#

 

SW-B#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 21/37/83 ms
SW-B#

 

Router#show ip nat translations
Pro  Inside global     Inside local    Outside local  Outside global
icmp 172.16.92.130:3   172.30.10.2:3   8.8.8.8:3      8.8.8.8:3
icmp 172.16.92.130:0   172.30.10.3:3   8.8.8.8:3      8.8.8.8:0
icmp 172.16.92.130:2   172.30.10.4:2   8.8.8.8:2      8.8.8.8:2
Router#

The connection test was successful. Next we configure static NAT to permit SSH remote connections to switches CORE, SW-A and SW-B using custom port numbers. For this example I'll use the following custom ports:

  • CORE : 2201
  • SW-A : 2202
  • SW-B : 2203

Configure static NAT on the router:

MyRouter(config)#ip nat inside source static tcp 172.30.10.2 22 172.16.92.130 2201
MyRouter(config)#ip nat inside source static tcp 172.30.10.3 22 172.16.92.130 2202
MyRouter(config)#ip nat inside source static tcp 172.30.10.4 22 172.16.92.130 2203
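
To confirm that only the three intended forwards are exposed on the public address, the router's `show ip nat translations` output can be checked against the port plan above. The Python script below is an added example, not part of the original tutorial; the sample table is constructed, and it assumes static entries show `---` in both outside columns.

```python
import re

# Constructed sample of `show ip nat translations` after the three static
# entries are configured (not captured from the original lab).
SAMPLE = """\
Pro Inside global         Inside local       Outside local      Outside global
tcp 172.16.92.130:2201    172.30.10.2:22     ---                ---
tcp 172.16.92.130:2202    172.30.10.3:22     ---                ---
tcp 172.16.92.130:2203    172.30.10.4:22     ---                ---
icmp 172.16.92.130:3      172.30.10.2:3      8.8.8.8:3          8.8.8.8:3
"""

# Intended forwards from the tutorial: public port -> (inside host, inside port)
EXPECTED = {
    2201: ("172.30.10.2", 22),
    2202: ("172.30.10.3", 22),
    2203: ("172.30.10.4", 22),
}

ROW = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s*$")

def static_forwards(text):
    """Return {public_port: (inside_ip, inside_port)} for static TCP/UDP entries.

    A static port forward has no outside addresses, shown as '---';
    dynamic PAT rows and live sessions (outside addresses filled in) are ignored.
    """
    found = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(6) == "---" and m.group(7) == "---":
            found[int(m.group(3))] = (m.group(4), int(m.group(5)))
    return found

def audit(text, expected=EXPECTED):
    """Return (missing_or_wrong, unexpected) forwards relative to the plan."""
    found = static_forwards(text)
    missing = {p: t for p, t in expected.items() if found.get(p) != t}
    unexpected = {p: t for p, t in found.items() if p not in expected}
    return missing, unexpected

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE)
    print("missing or wrong:", missing)
    print("unexpected exposure:", unexpected)
```

Any entry reported as unexpected is an inside service reachable from the outside network that is not in the port plan.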

Test remote access from the outside network:

Remote access to the router:

Remote access to the switches through the router with custom ports was successful.
