Contributor II
Posts: 55
Registered: ‎07-04-2014

NAT / ACL Problem

Hi,

I have an active/passive 2-controller VRRP installation with 2 VLANs: 1 = internal, 2 = mobile.

The controller is not the default gateway of the VLANs.

Now I need to configure it so that a mobile device can access a server. Is it possible?

I do not get the NAT to work. The installation is for mobile devices, so I can't get any routes into the client devices.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: NAT / ACL Problem

Hi,

Can you bring some more clarity on this:

1. If the controller VRRP IP is not the GW for the clients, then how is your controller uplinked?

2. What do you mean by mobile devices? Are they wireless clients?

3. You want to access the servers, so where are these servers?

Please clarify so that I can help you on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor II
Posts: 55
Registered: ‎07-04-2014

Re: NAT / ACL Problem

1. The controller has its default gateway in VLAN 1 (which is the internal LAN). VLAN 2 is a single internet access with its own router.

2. The clients are wireless devices, but iPhones etc., where I can't add any route etc. I do the testing with a laptop; when I add a route to use the controller as gateway, it works.

3. The clients in VLAN 2 should access 1 server in VLAN 1.

VLAN 1 has no route to VLAN 2, therefore I need to NAT at the wireless controller. I think I need some interception like the captive portal does with its redirect.

Contributor II
Posts: 55
Registered: ‎07-04-2014

Re: NAT / ACL Problem

With a "route+srcnat", ICMP is working, but I get no telnet answer?!

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: NAT / ACL Problem

Hi,

Is the router providing internet manageable? If yes, configure inter-VLAN routing so that it can come back to the controller and then reach the internal VLAN (VLAN 1). Here I am assuming that the controller has connectivity to the internal servers :)

Ensure that the controller has VLAN 1 and VLAN 2 interfaces configured.

If the router is not manageable, we have to look at other options :)

Makes sense??

Cheers,
Venu Puduchery,
Contributor II
Posts: 55
Registered: ‎07-04-2014

Re: NAT / ACL Problem

If I configure a route on the internet router in VLAN 2, I will have a routing triangle.

Can you explain to me why action "route" in the ACL is working for ICMP but not for telnet?

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: NAT / ACL Problem

Hi,

I'm not sure. Can you check that the user role and the policy mapped are allowing the desired traffic??

 

Cheers,
Venu Puduchery,
Contributor II
Posts: 55
Registered: ‎07-04-2014

Re: NAT / ACL Problem

The user role is matching and the ACL is

any source - destination host x.y.z - any service - action route

The interface has source NAT activated.

sh datapath session shows the same for ICMP and telnet, but the telnet session is not working.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: NAT / ACL Problem

Hi,

OK, let me replicate this and bring some solution. Give me some time :)

Cheers,
Venu Puduchery,
Contributor II
Posts: 55
Registered: ‎07-04-2014

Re: NAT / ACL Problem

That's my config change today:

interface vlan 1
        ip address 192.168.1.241 255.255.255.0

interface vlan 2
        ip address 192.168.2.2 255.255.255.0
        ip nat inside

ip access-list session ROUTE
  user host 192.168.1.100 any  route log

user-role Mobile
 access-list session ROUTE
 access-list session allowall

 

 
