
NAT doesn't work in 831 router

chicagotech
Level 1

We just added another XP computer to our network and would like to access it using Remote Desktop from the Internet. So, we added this line in the Cisco 831 router.

ip nat outside source static tcp x.x.x.70 3389 172.16.5.2 3389 extendable

But the user can't access it using the RDP. We can access the XP internally. What's wrong with the Cisco router configuration?

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 831
!
clock timezone America/Chicago -6
clock summer-time America/Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
ip domain name cisco.com
ip name-server 4.x.x.1
ip dhcp excluded-address 172.16.5.1 172.16.5.9
ip dhcp excluded-address 172.16.5.51 172.16.5.254
!
ip dhcp pool sdm-pool1
 network 172.16.5.0 255.255.255.0
 default-router 172.16.5.1
 dns-server 4.2.2.1
!
!
no ip bootp server
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 ftp
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 netshow
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 smtp
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 tftp
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 icmp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 description $FW_INSIDE$$ETH-LAN$
 ip address 172.16.5.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 no cdp enable
!
interface Ethernet1
 description $FW_OUTSIDE$$ETH-WAN$
 ip address x.x.x.70 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect sdm_ins_in_100 in
 duplex auto
 no cdp enable
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat outside source static tcp x.x.x.70 3389 172.16.5.11 3389 extendable
ip nat outside source static tcp x.x.x.70 3389 172.16.5.2 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.1 permanent
ip http server
ip http authentication local
ip http secure-server
!
access-list 1 permit 172.0.0.0 0.255.255.255
no cdp run
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
!
end

Accepted Solutions

leonvd79
Level 4

Hello,

You have mapped the RDP protocol to two inside local hosts. This is not possible in case of a single outside global address.

ip nat outside source static tcp x.x.x.70 3389 172.16.5.11 3389 extendable

ip nat outside source static tcp x.x.x.70 3389 172.16.5.2 3389 extendable

NAT only allows one port address translation per host.

HTH

--Leon

* Please rate posts.

Sorry, it should be x.x.x.71 as shown below.

ip nat outside source static tcp x.x.x.70 3389 172.16.5.11 3389 extendable

ip nat outside source static tcp x.x.x.71 3389 172.16.5.2 3389 extendable

x.x.x.70 works but x.x.x.71.

I fixed it using this line:

ip nat inside source static tcp 172.16.5.2 3389 xx.xx.xx.71 3389 extendable

The details can be found here. http://www.chicagotech.net/cisco/381nat1.htm
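
Added example, not part of the original thread and not Cisco tooling: a small Python audit that applies the two points raised above to a router configuration. It reports a global address:port mapped to more than one inside host, and `ip nat outside source static` rules whose local address sits on a NAT-inside subnet (the form the original poster replaced with `ip nat inside source static`). Assumptions: the function names are hypothetical, 203.0.113.70/.71 stand in for the masked x.x.x.70/x.x.x.71, and interface subcommands are indented by one space as IOS prints them.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the thread's NAT lines, with 203.0.113.70/.71 (documentation
# range) standing in for the masked x.x.x.70 / x.x.x.71 addresses.
SAMPLE = """\
interface Ethernet0
 ip address 172.16.5.1 255.255.255.0
 ip nat inside
interface Ethernet1
 ip address 203.0.113.70 255.255.255.0
 ip nat outside
ip nat outside source static tcp 203.0.113.70 3389 172.16.5.11 3389 extendable
ip nat outside source static tcp 203.0.113.70 3389 172.16.5.2 3389 extendable
ip nat inside source static tcp 172.16.5.2 3389 203.0.113.71 3389 extendable
"""

RULE = re.compile(r"^ip nat (inside|outside) source static (tcp|udp) "
                  r"(\S+) (\d+) (\S+) (\d+)", re.M)
IFACE = re.compile(r"^interface \S+\n((?: .*\n?)+)", re.M)

def inside_networks(config):
    """Return the subnets of interfaces marked 'ip nat inside'."""
    nets = []
    for body in IFACE.findall(config):
        addr = re.search(r"^ ip address (\S+) (\S+)", body, re.M)
        if addr and re.search(r"^ ip nat inside", body, re.M):
            nets.append(ipaddress.ip_network("/".join(addr.groups()), strict=False))
    return nets

def audit(config):
    """Return (kind, detail) findings for static TCP/UDP port translations."""
    nets, findings, by_global = inside_networks(config), [], defaultdict(set)
    for direction, proto, a1, p1, a2, p2 in RULE.findall(config):
        # 'outside source' lists global then local; 'inside source' the reverse.
        glob, local = (a1, p1), (a2, p2)
        if direction == "inside":
            glob, local = local, glob
        by_global[(proto, *glob)].add("%s:%s" % local)
        if direction == "outside" and any(
                ipaddress.ip_address(local[0]) in n for n in nets):
            findings.append(("wrong-direction", "%s:%s" % local))
    for (proto, addr, port), locals_ in by_global.items():
        if len(locals_) > 1:  # one global address:port can reach only one host
            targets = ", ".join(sorted(locals_))
            findings.append(("conflict", f"{proto} {addr}:{port} -> {targets}"))
    return findings
```

Calling `audit(SAMPLE)` returns two `wrong-direction` findings and one `conflict`; each surviving static rule is also an inventory entry of a service reachable from the outside interface.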
