Re: [nsp] Basic NAT Question

From: Ken Reiss (KReiss@PortONE.com)
Date: Wed Oct 03 2001 - 17:27:07 EDT


Rich,

Yes, we have another client going through the same AS5300 box which we can get
to fine (with a Cisco 802, btw). I can ping the router, no problem, too.
Also, when that line was in, all the ports did go off to the server correctly.
When we took the line out, we could not talk to the server, so the line did
come out.

I'm so stumped!

Thanks,
Ken.

Richard Golodner wrote:

> Ken, is everything else working? How about your firewall or ACLs? Are you
> physically far from the router?
> Rich
>
> -----Original Message-----
> From: Ken Reiss [mailto:KReiss@PortONE.com]
> Sent: Wednesday, October 03, 2001 4:53 PM
> To: Chris Roberts; Richard Golodner
> Cc: Cisco Mailing List
> Subject: Re: [nsp] Basic NAT Question
>
> Thanks for the replies, guys.
>
> The advice to lock down the ports makes good sense. The client swore they
> didn't want it locked down, but we've finally convinced him otherwise. So,
> we went into the router (via console) and removed the "ip nat inside source
> static..." line altogether, which (correct me if I'm wrong) should have
> allowed me to telnet into the router via Internet. However, I still could
> not telnet into the router, receiving "% Connection refused by remote host"
> error.
>
> Perhaps the newer IOS (I'm not sure what's in here, since I can't telnet
> into it) has to implicitly allow telnet logins?
>
> Perhaps anyone can lend a suggestion?
>
> Thanks!
> Ken.
>
> Chris Roberts wrote:
>
> > On Wed, Oct 03, 2001 at 01:31:04PM -0400, Ken Reiss wrote:
> > [ ... ]
> > > ip nat translation timeout 1800
> > > ip nat inside source list 1 interface Dialer1 overload
> > > ip nat inside source static 172.17.253.2 209.101.148.208
> > >
> >
> > This command will redirect all ports including telnet unfortunately. You
> > could either redirect just the ports you want, or you might be able to
> > do something icky like set up a static NAT mapping for port 23 to the
> > router's internal IP, or even a loopback IP preferably.
> >
> > Cheers,
> > Chris.
> >
> > >
> > > Thank you very much,
> > > Ken Reiss.
> > >
> >
> > Cheers,
> > Chris.
> > --
> > |=========----- -------=======|
> > | Chris Roberts (croberts@bongle.co.uk) |
> > |=======------- -----=========|
>
> --
>
> *************************
> Kenneth A. Reiss
> Port One Internet, Inc.
> 160 Chapel Road
> Manchester, CT 06040
> 860-722-3000
> 860-533-0033
> Fax: 533-7225
> *************************

--

*************************
Kenneth A. Reiss
Port One Internet, Inc.
160 Chapel Road
Manchester, CT 06040
860-722-3000
860-533-0033
Fax: 533-7225
*************************
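
Added example, not part of the original thread or written by any of its participants: a small config audit that separates the host-wide `ip nat inside source static <local> <global>` form Chris describes (every port on the global address, telnet included, goes to the inside host) from the port-scoped `static tcp|udp` form. The function name, the port 25 mapping and the sample text are assumptions made for illustration; only mappings written with literal IP addresses are handled.

```python
import re

# Constructed sample: the three NAT lines quoted in the thread, plus one
# port-scoped mapping (port 25 is an assumed example, not from the thread).
SAMPLE_CONFIG = """\
ip nat translation timeout 1800
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 172.17.253.2 209.101.148.208
ip nat inside source static tcp 172.17.253.2 25 209.101.148.208 25 extendable
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Host form: every port on the global address is sent to the inside host.
HOST_RE = re.compile(rf"^ip nat inside source static {IP} {IP}(?:\s|$)")
# Port form: only one protocol/port pair is forwarded.
PORT_RE = re.compile(
    rf"^ip nat inside source static (tcp|udp) {IP} (\d+) {IP} (\d+)(?:\s|$)")


def audit_static_nat(config):
    """Return (findings, forwards) for the static NAT lines in a config.

    findings: (line_no, local_ip, global_ip) for host-wide mappings.
    forwards: (proto, global_ip, global_port, local_ip, local_port).
    """
    findings, forwards = [], []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())  # normalise indentation and spacing
        m = PORT_RE.match(line)
        if m:
            proto, local, lport, glob, gport = m.groups()
            forwards.append((proto, glob, int(gport), local, int(lport)))
            continue
        m = HOST_RE.match(line)
        if m:
            local, glob = m.groups()
            findings.append((lineno, local, glob))
    return findings, forwards


if __name__ == "__main__":
    findings, forwards = audit_static_nat(SAMPLE_CONFIG)
    for lineno, local, glob in findings:
        print(f"line {lineno}: all ports on {glob} are redirected to {local}")
    for proto, glob, gport, local, lport in forwards:
        print(f"forward {proto} {glob}:{gport} -> {local}:{lport}")
```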



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:50 EDT