01-06-2009 02:59 PM - edited 03-06-2019 03:16 AM
Hi, I have a Cisco 1720, with IOS Version 12.2(8)TPC10a.
I have configured an FTP server with static NAT on this router, but we have problems opening sessions.
Do you know if this is related to IOS? Someone told me I have to configure TCP MSS Adjustment on the LAN interface, but the documentation says that NAT doesn't have to be configured.
Do you think this is necessary?
01-06-2009 03:13 PM
William
I do not see anything in the information that you have given us that would indicate that you need to adjust MSS. On the other hand you have not told us much about your situation. What kind of outbound connection is the router using? Are you configuring any kind of tunneling (GRE or IPSec or anything like that)?
My first guess would be that there is some issue about the configuration of NAT. Could you post the router config so that we can see what is going on?
And it would be easy to configure the TCP adjust MSS and see if it helps. It would not hurt anything and it is possible that it would help.
HTH
Rick
01-06-2009 03:29 PM
Hi Rick, thank you for your reply.
I don't have tunneling configured. I have a frame relay link between an external router (in network 192.168.10.X) and the Cisco 1720; this one connects to network 10.1.1.0 through a firewall with an IP of 192.168.4.5.
The FTP server is in network 10.1.1.X (the FTP server is 10.1.1.138).
The configuration is as follows:
ROUTER_1720#sh run
Building configuration...
Current configuration : 1617 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ROUTER_1720
!
memory-size iomem 25
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
!
!
interface FastEthernet0
ip address 192.168.4.6 255.255.255.252
ip nat inside
speed auto
!
interface Serial0
no ip address
encapsulation frame-relay
no fair-queue
frame-relay traffic-shaping
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description CANAL_A
ip address 192.168.35.26 255.255.255.252
ip nat outside
frame-relay interface-dlci 496
class 256K
!
!
ip nat inside source static 10.1.1.138 192.168.116.179
ip classless
ip route 10.1.1.0 255.255.255.0 192.168.4.5
ip route 192.168.10.0 255.255.255.0 192.168.35.25
no ip http server
!
!
!
map-class frame-relay 256K
no frame-relay adaptive-shaping
frame-relay cir 256000
frame-relay bc 256000
frame-relay be 0
frame-relay mincir 256000
!
!
line con 0
login
line aux 0
line vty 0 4
login
!
no scheduler allocate
end
ROUTER_1720#
01-06-2009 08:01 PM
William
Thanks for posting the router config. There are a couple of things about it that I would like to ask about:
- Perhaps you could explain the topology. Your comments indicate that the connection through FastEthernet0 is through a firewall. And apparently the inside network is through the firewall? And the Frame Relay interface leads to the outside? So who is attempting to access the FTP server? What interface does that traffic arrive on?
- I am surprised that there is no dynamic routing protocol and only 2 static routes. There is a route to 10.0.0.0 through the inside and a route to 192.168.10.0 through the outside. And there are no other routes.
- Which leads to one of the problems. You are translating the address of the FTP server into 192.168.116.179 but there is no routing information about how to get to 192.168.116. So this would be the first problem about why you cannot access the FTP server.
HTH
Rick
01-07-2009 07:27 AM
Hi Rick, sorry for my simple description. I'm attaching a diagram; I hope it helps you to understand the topology. It's a very simple topology. There is not a routing protocol because it's basically a point-to-point connection.
Router B in the diagram is the firewall I described before, but this firewall, in this case, is just routing network 10.1.1.x and network 192.168.4.x.
A host in network 192.168.10.x is able to ping the NATed server 192.168.116.179 (whose real address is 10.1.1.138), but when it tries to open an FTP connection, just the "welcome screen" appears and it doesn't permit entering the user and password.
Some people told me that it's because I have to configure the TCP adjust MSS, but I think it's a problem with the FTP server.
So, do you think I have to configure the TCP adjust MSS?
01-09-2009 09:36 AM
Thanks a lot for your interest Rick. I have resolved the problem.
It's not necessary to modify the size of packets with TCP MSS ADJUST.
The problem was in the FTP server and some security rules.
Thank you
01-09-2009 09:59 AM
William
Thank you for posting back indicating that you have resolved the problem and what the problem was. It makes the forum more useful when people can read about a problem and can read what the problem was.
HTH
Rick