Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
563
Views
5
Helpful
2
Replies

Using Double NAT, can it affect telnet with port number from internet ?

r.hew
Level 1
Level 1

‎03-15-2006 07:18 AM - edited ‎03-03-2019 12:04 PM

Dear Sir,

With service provider MPLS network, 1st NAT have been done at customer HQ (private network to 95.x.x.x) and second NAT was done at SP VAS (Value Added Network) before connecting to internet access.

My question is can we telnet from public internet network to customer SMTP server using port 25 ??

The Mail server is static NATted all the way to internet, meaning that 1st NAT & 2nd NAT are static NAT.

Below is the result when;

1) Telneting after 1st NAT from customer CPE(customer provider edge) at branch or SP PE(Provider Egde) to 95.x.x.x network was successfully;

Result:

FROM BRANCH CPE or PE;

CE1#telnet 95.0.8.99 25

Trying 95.0.8.99, 25 ... Open

220 smtpgw.kutkm.edu.my ESMTP Sendmail 8.13.1/8.13.1; Tue, 14 Mar 2006 09:16:54 +0800

quit

221 2.0.0 smtpgw.kutkm.edu.my closing connection

[Connection to 95.0.8.99 closed by foreign host]

2) Telneting after 1st NAT & 2nd NAT from public network was not successfully;

Result:

C:\Documents and Settings\RAYMOND HEW>telnet 58.139.248.99 25

Trying 58.139.248.99, 25 ... Open

220 *********************************************************************************

quit

221 2.0.0 smtpgw.kutkm.edu.my closing connection

[Connection to 58.139.248.99 closed by foreign host]

Where:

NAT info: 192.168.2.6(SMTP private IP)--> 95.0.8.99(after 1st NAT) --> 58.139.248.99(after 2nd NAT for public access).

Is that by using command telnet <ip address> <port number> at PC or router to access SMTP server (double NATed)will give error or application break ?

Please advise.

Thanks,

Raymond

Labels:
0 Helpful
2 Replies 2

Pavel Bykov
Level 5
Level 5

‎03-16-2006 07:40 AM

Make sure that on both sides routers have routing information for inside global and outside global addresses. IE. router for 192.168.2.6 has to have route to router of 58.139.248.99 (even in form of DG), and router of 58.139.248.99 has to have route to whatever is 192.168.2.6 being translated.

Also, what does NAT debugging says? How are NAT tables being populated (InsideLocal/InsideGlobal/OutsideLocal/OutsideGlobal)?

r.hew
Level 1
Level 1
In response to Pavel Bykov

‎03-19-2006 07:01 PM

Hi Ceska Pojistovna,

Thanks for your prompt answer, the NATting configuration is done correctly, as my customer can send email and do web browsing.

O'right, the thing that I need advise is on the telnet using port number 25 from a PC/Notebook from public access to the email server ?

Maybe you can tried telnet also to 58.139.248.99 to have a feel.....

Thanks in advance.

Best Regards,

Raymond.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card