no connect telnet in router 1751

Feb 22nd, 2003

I have configured a router with an exit to the Internet. I have configured NAT for outgoing traffic. The problem is that I cannot connect from the Internet because the packets change the port number 23.


How can I solve it?

Regards

almetcousins Sat, 02/22/2003 - 05:55

Hi


Regarding your question, I have to ask:

What kind of NAT are you using, static or dynamic?

Are you trying to telnet to the public or the private IP?



Why don't you paste the NAT configuration you're using? That way we can help you better.






solisbdj Mon, 02/24/2003 - 01:45

Hi,


I am using dynamic NAT?


I am trying the public IP.


This is the configuration:



Building configuration...

Current configuration : 1416 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname "XXXX"
!
enable secret 5
!
memory-size iomem 25
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
interface ATM0/0
 no ip address
 no ip route-cache
 no ip mroute-cache
 no atm auto-configuration
 no atm ilmi-keepalive
 no atm address-registration
 no atm ilmi-enable
 bundle-enable
 dsl operating-mode auto
 hold-queue 208 in
!
interface ATM0/0.1 point-to-point
 ip address XXXX 255.255.255.0
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 pvc 8/32
  encapsulation aal5snap
 !
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
 half-duplex
 no cdp enable
!
ip nat inside source list 101 interface ATM0/0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0/0.1
ip http server
!
!
access-list 101 permit ip any any
no cdp run
!
!
line con 0
 password 7
line aux 0
line vty 0 4
 exec-timeout 5 0
 password 7
 login
!
no scheduler allocate
end


Regards

j.vanrooyen Mon, 02/24/2003 - 04:17

Hi,


You are doing PAT (Port Address Translation) due to the overload keyword added to your NAT statement; this will stop the connection from the outside.


If you need a telnet connection from the outside, rather use a static NAT for one of your interfaces, i.e. ip nat inside source static 192.168.0.1 x.x.x.x


This will make it possible for you to telnet from the outside, but remember that this is also a security risk, so you have to be careful.




almetcousins Mon, 02/24/2003 - 10:57

Hi!


In order to assure a little more security to your config, you can use port translations. That means that if you only want to telnet to the router from the outside, you should only allow port 23 translations. To do it, just remove the line:


and instead input the following:

ip nat inside source static tcp 192.168.0.1 23 X.X.X.X 23


where X.X.X.X represents the outside IP address.


Hope this helps.
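
An added example, not part of any post in this thread: a short Python check that reads an IOS configuration and reports whether each `ip nat inside source static` entry exposes a whole inside host or a single port, and whether the vty lines have an inbound `access-class`. It assumes normal `show running-config` indentation; the function name, the finding labels and the sample address 203.0.113.10 (standing in for X.X.X.X) are constructed for illustration.

```python
# Constructed sample in normal `show running-config` indentation. It holds both
# static NAT forms from the thread; 203.0.113.10 stands in for X.X.X.X.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface ATM0/0.1 overload
ip nat inside source static 192.168.0.1 203.0.113.10
ip nat inside source static tcp 192.168.0.1 23 203.0.113.10 23
!
line vty 0 4
 exec-timeout 5 0
 login
!
end
"""


def audit_exposure(config):
    """Return (kind, detail) findings for inbound exposure in an IOS config."""
    findings = []
    section = None       # current top-level command, e.g. "line vty 0 4"
    vty_filtered = {}    # vty section -> True once an inbound access-class is seen
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if raw[0] != " ":  # an unindented line starts a new top-level section
            section = raw.strip()
            if words[:2] == ["line", "vty"]:
                vty_filtered[section] = False
            if words[:5] == ["ip", "nat", "inside", "source", "static"]:
                args = words[5:]
                if len(args) >= 5 and args[0] in ("tcp", "udp"):
                    # static <proto> <local-ip> <local-port> <global-ip> <global-port>
                    proto, local_ip, local_port, _global_ip, global_port = args[:5]
                    findings.append(("port-forward",
                                     f"{proto}/{global_port} -> {local_ip}:{local_port}"))
                elif len(args) >= 2:
                    # static <local-ip> <global-ip>: every port is translated
                    findings.append(("full-host", f"all ports -> {args[0]}"))
        elif section in vty_filtered and words[0] == "access-class" and "in" in words:
            vty_filtered[section] = True
    findings += [("vty-unfiltered", v) for v, ok in vty_filtered.items() if not ok]
    return findings


if __name__ == "__main__":
    for kind, detail in audit_exposure(SAMPLE_CONFIG):
        print(f"{kind:15} {detail}")
```

A `full-host` finding means every port on the inside address is reachable from outside, while `port-forward` limits exposure to the listed port; `vty-unfiltered` means login attempts are accepted from any source address.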
