11-01-2001 01:01 PM - edited 03-01-2019 07:11 PM
I have a set of users dialing into a modem pool that via NAT appears as a single valid address. These users are attempting to access an FTP server running on a non-standard port (6222) elsewhere on the internet and looking at the traffic it appears that their "PORT" command are not being translated by the Cisco to reflect the correct external address. I have attempted to use the "ip nat service" command to support both port 21 and 62222 but it does not appear to make a difference. I have tried assigning the service both to a list defining the single external address and the NAT address pool. Any
suggestions?
Config file (some parts removed for security):
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
...
ip subnet-zero
ip name-server a.b.c.d
ip name-server e.f.g.h
!
!
!
interface Ethernet0/0
ip address i.j.k.l 255.255.255.240
no ip directed-broadcast
ip nat outside
no ip mroute-cache
no cdp enable
!
interface Group-Async1
ip unnumbered Ethernet0/0
no ip directed-broadcast
ip nat inside
encapsulation ppp
ip tcp header-compression passive
async mode dedicated
peer default ip address pool setup_pool
ppp authentication chap pap
group-range 33 40
!
ip local pool setup_pool 192.168.10.1 192.168.10.8
ip nat service list 1 ftp tcp port 21
ip nat service list 1 ftp tcp port 6222
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 g.h.i.j
!
access-list 1 permit 192.168.10.0 0.0.0.255
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community public RO
!
line con 0
exec-timeout 0 0
transport input none
line 33 40
session-timeout 5 output
autoselect ppp
modem InOut
flowcontrol hardware
line aux 0
line vty 0 4
password xxxx
!
end