dnat nat issue

Unanswered Question
Aug 29th, 2007

Iam trying to configure dnat on cisco 7507 . When i try to reach the resource with the dnat ip iam getting the following error message. Could any one clear what this message conveys

**********************************************

18w4d: TCP0: state was SYNRCVD -> CLOSED [23 -> 131.107.2.40(33135)]

18w4d: tcp0: T CLOSED 131.107.2.40:33135 172.20.63.254:23 early close

18w4d: TCB 0x61D35B08 destroyed

18w4d: TCP0: state was LISTEN -> SYNRCVD [23 -> 131.107.2.40(33135)]

18w4d: TCP0: Connection to 131.107.2.40:33135, ignoring option 3

18w4d: TCP0: Connection to 131.107.2.40:33135, received MSS 1380, MSS is 516

18w4d: TCP: sending SYN, seq 1255642660, ack 2779957893

18w4d: TCP0: Connection to 131.107.2.40:33135, advertising MSS 536

18w4d: TCP0: timeout #3 - timeout is 16000 ms, seq 1255642660

18w4d: TCP0: state was SYNRCVD -> CLOSED [23 -> 131.107.2.40(33135)]

18w4d: tcp0: T CLOSED 131.107.2.40:33135 172.20.63.254:23 early close

18w4d: TCB 0x61D17CD8 destroyed

18w4d: TCP0: state was LISTEN -> SYNRCVD [23 -> 131.107.2.40(33135)]

18w4d: TCP0: Connection to 131.107.2.40:33135, ignoring option 3

18w4d: TCP0: Connection to 131.107.2.40:33135, received MSS 1380, MSS is 516

18w4d: TCP: sending SYN, seq 3053421087, ack 2779957893

18w4d: TCP0: Connection to 131.107.2.40:33135, advertising MSS 536

18w4d: TCP0: timeout #3 - timeout is 16000 ms, seq 3053421087

18w4d: TCP0: state was SYNRCVD -> CLOSED [23 -> 131.107.2.40(33135)]

18w4d: tcp0: T CLOSED 131.107.2.40:33135 172.20.63.254:23 early close

18w4d: TCB 0x61D3AC14 destroyed

*********************************************

Thanks in advance for the help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thomas.chen Tue, 09/04/2007 - 11:34

You can use this command to perform Destination NAT (dnat) of one destination IP address to another IP address.

In dnat, the PIX changes the destination IP of an application call from one IP address to another IP address.

This process is used when you want the actual application call from the internal client to the server in a perimeter (dmz) network by its external IP address. This does not "doctor" the DNS replies.

For example, if a host sends a packet to 99.99.99.99, you can use the alias command to redirect traffic to another address, such as 10.10.10.10. You can also use this command to prevent conflicts when you have IP addresses on a network that are the same as those on the Internet or another intranet.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

Actions

This Discussion