[cisco-nas] How can I telnet to my NAS server with NAT configuration

Félix Izquierdo fizquierdo at l3consulting.com
Tue Apr 27 10:35:00 EDT 2004


Tassos Chatzithomaoglou wrote:

> Quite a strange suggestion....
> 
> "any" doesn't include "192.168.100.0 0.0.0.255" ?

It's a common and old problem with NAT. If the NAT access-list permits any, 
then you can't access the router from an outside interface. The NAT 
access-list must be concise and permit only the inside-facing addresses.

Félix


> 
> 
> Dennis Peng wrote:
> 
>> Try changing:
>>
>> access-list 1 permit any
>>
>> to
>>
>> access-list 1 permit 192.168.100.0 0.0.0.255
>>
>> Dennis
>>
>> Souphonh [souphonh at laopdr.com] wrote:
>>
>>> Dear Sir,
>>>
>>> The attachment is my dial-in (NAS) server configuration. The 
>>> configuration works fine for PPP dial-in purposes. However, I cannot 
>>> telnet to my server via its Ethernet 0/0 interface, which is 
>>> configured as NAT outside. Is there any way that allows me to access 
>>> my NAS via that interface?
>>> Regards,
>>> Souphonh
>>> Current configuration : 2196 bytes
>>> !
>>> version 12.2
>>> service timestamps debug datetime msec
>>> service timestamps log datetime msec
>>> service password-encryption
>>> !
>>> hostname lpb_ras
>>> !
>>> aaa new-model
>>> aaa authentication login default local
>>> aaa authentication ppp default group radius local
>>> aaa authorization network default group radius if-authenticated
>>> aaa accounting network default start-stop group radius
>>> enable secret 5 $1$RLt8$zpVnFUtCBXkbq2/hb1YdA/
>>> enable password 7 03140B07145B32184A04480B
>>> !
>>> username test password 7 00141215174C0F
>>> username admin password 7 0014430A160F18520B2C1D40
>>> ip subnet-zero
>>> !
>>> !
>>> ip domain-name mydomain.com
>>> ip name-server xxx.xxx.xxx.xxx
>>> ip name-server xxx.xxx.xxx.xxx
>>> ip name-server xxx.xxx.xxx.xxx
>>> !
>>> ip audit notify log
>>> ip audit po max-events 100
>>> async-bootp dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
>>> !
>>> call rsvp-sync
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> interface Loopback0
>>> ip address 192.168.100.1 255.255.255.0
>>> ip nat inside
>>> !
>>> interface Ethernet0/0
>>> ip address 10.0.3.124 255.255.255.0
>>> ip nat outside
>>> half-duplex
>>> no mop enabled
>>> !
>>>
>>>
>>> interface Group-Async1
>>> ip unnumbered Loopback0
>>> ip nat inside
>>> encapsulation ppp
>>> ip tcp header-compression
>>> async mode interactive
>>> peer default ip address pool dialin_pool
>>> ppp authentication chap pap
>>> group-range 33 48
>>> !
>>> ip local pool dialin_pool 192.168.100.2 192.168.100.20
>>> ip nat inside source list 1 interface Ethernet0/0 overload
>>> ip classless
>>> ip route 0.0.0.0 0.0.0.0 10.0.3.219
>>> no ip http server
>>> !
>>> access-list 1 permit any
>>> dialer-list 1 protocol ip permit
>>> dialer-list 1 protocol ipx permit
>>> !
>>> snmp-server community public RO
>>> snmp-server enable traps tty
>>> radius-server host 202.47.226.10 auth-port 1812 acct-port 1813
>>> radius-server key 7 0208107B1D050D
>>> radius-server vsa send accounting
>>> radius-server vsa send authentication
>>> !
>>> dial-peer cor custom
>>> !
>>> !
>>> !
>>> !
>>> !
>>> line con 0
>>> line 33 48
>>> flush-at-activation
>>> modem Dialin
>>> autoselect during-login
>>> autoselect ppp
>>> flowcontrol hardware
>>> line aux 0
>>> line vty 0 4
>>> password 7 1209551B005F1F502E267526
>>> !
>>> end
>>>
>>
>>
>>> _______________________________________________
>>> cisco-nas mailing list
>>> cisco-nas at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nas
>>
>>
>>
>>
> 
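
A way to check a configuration for the condition discussed in this thread, as an added example that is not part of the original messages: the script finds the access-list referenced by `ip nat inside source list` and reports entries that match sources outside every `ip nat inside` subnet. The function names are hypothetical; it assumes a numbered standard ACL, contiguous wildcard masks, and the NAT-relevant lines excerpted from the posted configuration.

```python
import ipaddress
import re

# NAT-relevant excerpt of the configuration posted in the thread, and the
# same excerpt with the access-list change suggested in the reply.
POSTED = """\
interface Loopback0
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
interface Ethernet0/0
 ip address 10.0.3.124 255.255.255.0
 ip nat outside
ip nat inside source list 1 interface Ethernet0/0 overload
access-list 1 permit any
"""
SUGGESTED = POSTED.replace("permit any", "permit 192.168.100.0 0.0.0.255")

def inside_networks(cfg):
    """Subnets of interfaces that carry both 'ip address' and 'ip nat inside'."""
    nets = []
    for block in re.split(r"(?m)^(?=interface )", cfg):
        addr = re.search(r"(?m)^\s*ip address (\S+) (\S+)", block)
        if addr and re.search(r"(?m)^\s*ip nat inside\s*$", block):
            nets.append(ipaddress.ip_interface("/".join(addr.groups())).network)
    return nets

def acl_entries(cfg, number):
    """Yield (entry text, matched network) for each permit line of a standard ACL."""
    pattern = rf"(?m)^\s*access-list {number} permit (\S+)(?: (\S+))?\s*$"
    for m in re.finditer(pattern, cfg):
        addr, wild = m.groups()
        if addr == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            if addr == "host":
                addr, wild = wild, "0.0.0.0"
            # Assumes a contiguous wildcard mask; no mask means a single host.
            bits = bin(int(ipaddress.IPv4Address(wild or "0.0.0.0"))).count("1")
            net = ipaddress.ip_network(f"{addr}/{32 - bits}", strict=False)
        yield m.group(0).strip(), net

def overbroad_nat_entries(cfg):
    """ACL entries used for NAT that match sources outside every inside subnet."""
    inside = inside_networks(cfg)
    return [text
            for nat in re.finditer(r"(?m)^\s*ip nat inside source list (\d+) ", cfg)
            for text, net in acl_entries(cfg, nat.group(1))
            if not any(net.subnet_of(i) for i in inside)]
```
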



