Use PAT to Establish a Session Between CTC and ONS 15454 when CTC is Inside the Firewall

Available Languages

Download Options

  • PDF     (91.2 KB)
    View with Adobe Reader on a variety of devices
Updated:January 11, 2006
Document ID:1496451217186199

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document provides a sample configuration for Port Address Translation (PAT) to establish a session between Cisco Transport Controller (CTC) and ONS 15454 when CTC resides inside the firewall.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Have basic knowledge about Cisco ONS 15454.

  • Know which Cisco Routers support PAT.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco ONS 15454 version 4.6.X and later

  • Cisco IOS® Software Release 12.1(11) and later

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information

Topology

The topology consists of these elements:

  • One Cisco ONS 15454

  • One PC

  • One Cisco 2600 Series Router

The ONS 15454 resides in the external network and acts as the server. The PC resides in the internal network, and serves as the CTC client. The Cisco 2600 Series Router provides the PAT support.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

Figure 1 – Topology

ctc_ons_pat_01.gif

Configurations

This document uses these configurations:

  • Cisco ONS 15454

  • PC

  • Cisco 2600 Series Router

Cisco ONS 15454 Configuration

10.89.238.192 is the IP address of the ONS 15454 (see arrow A in Figure 2), and 10.89.238.1 represents the default router (see arrow B in Figure 2).

Figure 2 – ONS 15454 Configuration

ctc_ons_pat_02.gif

Complete these steps in order to ensure that CTC communicates with ONS 15454 through PAT:

  1. Check the Enable proxy server on port check box in the Gateway Settings section (see arrow C in Figure 2).

  2. Select the Proxy-only option (see arrow D in Figure 2).

  3. Click Apply.

If you do not enable the proxy server, CTC fails with these error messages:

  • EID-2199 (see Figure 3)

  • Failure during IOR Repository Initialization (see Figure 4).

Figure 3 – EID-2199 Error

ctc_ons_pat_03.gif

Figure 4 – CTC Initialization Error

ctc_ons_pat_04.gif

PC Configuration

172.16.1.254 is the IP address of the PC (see arrow A in Figure 5), and 172.16.1.1 represents the default gateway (see arrow B in Figure 5).

Figure 5 – PC Configuration

ctc_ons_pat_05.gif

Router Configuration

This section provides the procedure to configure the router.

Complete these steps:

  1. Configure the internal interface, where the ONS 15454 resides.

    !
interface Ethernet1/0
 ip address 10.89.238.1 255.255.255.0
 ip nat outside
!

  2. Configure the external interface, where the CTC client resides.

    interface Ethernet1/1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!

  3. Configure PAT support on the router. The configuration indicates that any packet that arrives on the internal interface, which access list 1 permits, shares one outside IP address. The outside IP address is 10.89.238.1 in this configuration.

    !

!--- Indicates that any packets that arrive on the internal interface, which !--- access list 1 permits, share one outside IP address (the address !--- on ethernet1/0).


ip nat inside source list 1 int ethernet1/0 overload
access-list 1 permit 172.16.1.0 0.0.0.255
!

Verify

Use this section to confirm that your configuration works properly.

Verification Procedure

Complete these steps:

  1. Run Microsoft Internet Explorer.

  2. Type http://10.89.238.192 in the Address bar of the browser window, and press ENTER.

    The CTC Login window appears.

  3. Type the correct User Name and Password.

    The CTC client successfully connects to ONS 15454.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Issue the debug ip nat detailed command to turn on the IP NAT detailed trace. You can view the address translations from 172.16.1.254 to 10.89.238.1 (see arrow A in Figure 6), and from 10.89.238.1 to 172.16.1.254 (see arrow B in Figure 6).

Figure 6 – Debug IP NAT Detailed

ctc_ons_pat_06.gif

Related Information

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products