Hi Gents,
I've been struggling for about 2 days with this configuration, searching for a solution.
The scenario is simple (all IPs are fake):
I need to access a service on port 8080 from the Internet.
Between my client and the remote network I have an ADSL router and a Cisco 800 with IOS 12.4.
The remote device is NATted behind a firewall that accepts requests on its WAN interface (10.31.0.1-2-3) only from the defined network (in this case 10.31.0.0/24).
So I just need to reach one of these firewalls pretending to be a device on that subnet.
I'm going to post a network layout and my actual sanitized config, which is the result of HARD digging through Cisco official and unofficial forums.
Network layout: https://ibb.co/jvq3Gx
I also want to point out some more troubleshooting steps already done:
- proxy ARP is enabled on Vlan23
- I can't rely on NVI NAT, because the device is on a remote site so I can't reconfigure it completely.
- I can get this to work with an IKEv1 IPsec VPN client or S2S (already in place but not included in the config), but for this scenario it is not suitable.
(all commands run on RTR-A)
sh ip nat trans
Pro Inside global       Inside local        Outside local         Outside global
tcp 30.30.30.30:8080    10.31.0.1:8080      10.31.0.224:63938     80.80.80.80:63938
ip nat debug (when the client asks for the service behind 8080)
Oct 17 20:02:31.000: NAT: s=80.80.80.80->10.31.0.224, d=30.30.30.30 [31879]
Oct 17 20:02:31.000: NAT: s=10.31.0.224, d=30.30.30.30->10.31.0.1 [31879]
*Oct 17 20:02:35.184: NAT: expiring 30.30.30.30 (10.31.0.1) tcp 8080 (8080)
sh run
Many thanks to anyone who will spend time on this,
This is not a critical config for our environment, but I really want to figure out what I'm doing wrong.
Regards
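As an added example (this is not the poster's configuration, which is not included in the post), the following is a minimal classic inside/outside NAT configuration on IOS 12.4 for the scenario described above: a static inside translation that publishes 10.31.0.1:8080 as 30.30.30.30:8080 toward the Internet, and a static outside source translation that makes the Internet client 80.80.80.80 appear as 10.31.0.224 on the 10.31.0.0/24 side. The interface names (Vlan23 and FastEthernet4), the interface addresses and masks, and the choice of a static rather than a dynamic outside mapping are assumptions for illustration; the host addresses are the sanitized ones from the post.

```cisco
! Added example, not the original poster's configuration.
! Assumed: Vlan23 is the 10.31.0.0/24 segment facing the firewall WAN
! interfaces, FastEthernet4 faces the ADSL router and carries 30.30.30.30.
interface Vlan23
 ip address 10.31.0.254 255.255.255.0
 ip nat inside
 ip proxy-arp
!
interface FastEthernet4
 ip address 30.30.30.30 255.255.255.0
 ip nat outside
!
! Inside static PAT: publish the firewall's WAN address 10.31.0.1:8080
! as 30.30.30.30:8080. The entry is permanent, so limit who can reach it
! with an inbound ACL on the outside interface (not shown).
ip nat inside source static tcp 10.31.0.1 8080 30.30.30.30 8080
!
! Outside source NAT: the Internet client 80.80.80.80 appears as
! 10.31.0.224 on Vlan23. "add-route" installs a 10.31.0.224/32 route
! toward the outside interface. Inside-to-outside packets are routed
! before they are translated, so without that route the firewall's reply
! to 10.31.0.224 is treated as local to Vlan23 and never leaves.
ip nat outside source static 80.80.80.80 10.31.0.224 add-route
!
! Verification (assumed checks, not commands from the post):
! show ip route 10.31.0.224   - expect a /32 host route via FastEthernet4
! show ip nat translations    - expect the inside and outside entries
! debug ip nat detailed       - watch both the SYN and the SYN-ACK direction
```

The static outside mapping covers one client address; the same idea for arbitrary Internet sources is `ip nat outside source list <acl> pool <pool> add-route` with a pool drawn from 10.31.0.0/24. Because 10.31.0.224 falls inside the connected Vlan23 subnet, the /32 from `add-route` is what lets the router both forward the firewall's replies out the WAN interface and answer the firewall's ARP request for 10.31.0.224 through proxy ARP (IOS only proxy-ARPs for targets it routes via a different interface). Without that route the router considers the address directly connected, does not proxy-ARP for it, and the translation can be created on the SYN and then expire without a reply ever being seen.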