02-22-2003 02:27 AM - edited 03-02-2019 05:18 AM
I have configured a router with exit to Internet. Has configured NAT to leave. The problem that I can not from internet because the packets change the number of port 23.
As I can solve it
Regards
02-22-2003 05:55 AM
Hi
In regard of your question I have to ask:
What kind of NAT are you using static or dynamic?
Are you trying to telnet the public or the private IP?
Why don't you paste the nat configuration you're using, that way we can help you better
02-24-2003 01:45 AM
Hi,
I am using dynamic NAT?
I am trying the public IP.
this is the configuration;
Building configuration...
Current configuration : 1416 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname "XXXX"
!
enable secret 5
!
memory-size iomem 25
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
interface ATM0/0
no ip address
no ip route-cache
no ip mroute-cache
no atm auto-configuration
no atm ilmi-keepalive
no atm address-registration
no atm ilmi-enable
bundle-enable
dsl operating-mode auto
hold-queue 208 in
!
interface ATM0/0.1 point-to-point
ip address XXXX 255.255.255.0
ip nat outside
no ip route-cache
no ip mroute-cache
pvc 8/32
encapsulation aal5snap
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
speed auto
half-duplex
no cdp enable
!
ip nat inside source list 101 interface ATM0/0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0/0.1
ip http server
!
!
access-list 101 permit ip any any
no cdp run
!
!
line con 0
password 7
line aux 0
line vty 0 4
exec-timeout 5 0
password 7
login
!
no scheduler allocate
end
Regards
02-24-2003 04:17 AM
HI,
You are doing a PAT (Port Address Translation) due to the overload keyword added to your NAT statement , this will stop the connection from the outside.
If you need a telnet connection from the outside rather use a Static NAT for one of your interfaces i.e. ip nat inside source static 192.168.0.1 x.x.x.x
This will make it possible for you to telnet from the outside but remember that this is also a security risk so you have to be carefull.
02-24-2003 10:57 AM
Hi!
In order to assure a little more security to your config, you can use port translations. That means that if you only want to telnet the router from the outside you should only alow port 23 translations. To do it just remove the line:
and instead input the following:
ip nat inside source static tcp 192.168.0.1 23 X.X.X.X 23
where X.X.X.X represent the outside ip address.
Hope this help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: