[cisco-nas] How can I telnet to my NAS server with NAT configuration

Tassos Chatzithomaoglou achatz at forthnet.gr
Tue Apr 27 11:00:41 EDT 2004


Ahaaa, that explains my problems some time ago!!!!

btw, is it a bug or a "security" feature? Are there any CCO docs about it?


Félix Izquierdo wrote:

> 
> Tassos Chatzithomaoglou wrote:
> 
>> Quite a strange suggestion....
>>
>> "any" doesn't include "192.168.100.0 0.0.0.255" ?
> 
> 
> It's a common and old problem with NAT. If the NAT access-list permits any, 
> then you can't access the router from an outside interface. The NAT 
> access-list must be concise and permit only the inside-facing address.
> 
> Félix
> 
> 
>>
>>
>> Dennis Peng wrote:
>>
>>> Try changing:
>>>
>>> access-list 1 permit any
>>>
>>> to
>>>
>>> access-list 1 permit 192.168.100.0 0.0.0.255
>>>
>>> Dennis
>>>
>>> Souphonh [souphonh at laopdr.com] wrote:
>>>
>>>> Dear Sir,
>>>>
>>>> The attachment is my dial-in (NAS) server configuration. The 
>>>> configuration works fine for PPP dial-in purposes. However, I cannot 
>>>> telnet to my server via its ethernet 0/0 interface, which is 
>>>> configured as NAT outside. Is there any way to allow me to access 
>>>> my NAS via that interface?
>>>> Regards,
>>>> Souphonh
>>>> Current configuration : 2196 bytes
>>>> !
>>>> version 12.2
>>>> service timestamps debug datetime msec
>>>> service timestamps log datetime msec
>>>> service password-encryption
>>>> !
>>>> hostname lpb_ras
>>>> !
>>>> aaa new-model
>>>> aaa authentication login default local
>>>> aaa authentication ppp default group radius local
>>>> aaa authorization network default group radius if-authenticated
>>>> aaa accounting network default start-stop group radius
>>>> enable secret 5 $1$RLt8$zpVnFUtCBXkbq2/hb1YdA/
>>>> enable password 7 03140B07145B32184A04480B
>>>> !
>>>> username test password 7 00141215174C0F
>>>> username admin password 7 0014430A160F18520B2C1D40
>>>> ip subnet-zero
>>>> !
>>>> !
>>>> ip domain-name mydomain.com
>>>> ip name-server xxx.xxx.xxx.xxx
>>>> ip name-server xxx.xxx.xxx.xxx
>>>> ip name-server xxx.xxx.xxx.xxx
>>>> !
>>>> ip audit notify log
>>>> ip audit po max-events 100
>>>> async-bootp dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
>>>> !
>>>> call rsvp-sync
>>>> !
>>>> !
>>>> !
>>>> !
>>>> !
>>>> !
>>>> !
>>>> !
>>>> interface Loopback0
>>>> ip address 192.168.100.1 255.255.255.0
>>>> ip nat inside
>>>> !
>>>> interface Ethernet0/0
>>>> ip address 10.0.3.124 255.255.255.0
>>>> ip nat outside
>>>> half-duplex
>>>> no mop enabled
>>>> !
>>>>
>>>>
>>>> interface Group-Async1
>>>> ip unnumbered Loopback0
>>>> ip nat inside
>>>> encapsulation ppp
>>>> ip tcp header-compression
>>>> async mode interactive
>>>> peer default ip address pool dialin_pool
>>>> ppp authentication chap pap
>>>> group-range 33 48
>>>> !
>>>> ip local pool dialin_pool 192.168.100.2 192.168.100.20
>>>> ip nat inside source list 1 interface Ethernet0/0 overload
>>>> ip classless
>>>> ip route 0.0.0.0 0.0.0.0 10.0.3.219
>>>> no ip http server
>>>> !
>>>> access-list 1 permit any
>>>> dialer-list 1 protocol ip permit
>>>> dialer-list 1 protocol ipx permit
>>>> !
>>>> snmp-server community public RO
>>>> snmp-server enable traps tty
>>>> radius-server host 202.47.226.10 auth-port 1812 acct-port 1813
>>>> radius-server key 7 0208107B1D050D
>>>> radius-server vsa send accounting
>>>> radius-server vsa send authentication
>>>> !
>>>> dial-peer cor custom
>>>> !
>>>> !
>>>> !
>>>> !
>>>> !
>>>> line con 0
>>>> line 33 48
>>>> flush-at-activation
>>>> modem Dialin
>>>> autoselect during-login
>>>> autoselect ppp
>>>> flowcontrol hardware
>>>> line aux 0
>>>> line vty 0 4
>>>> password 7 1209551B005F1F502E267526
>>>> !
>>>> end
>>>>
>>>
>>>
>>>> _______________________________________________
>>>> cisco-nas mailing list
>>>> cisco-nas at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nas
>>>
>>>
>>>
>>>
>>>
>>
> 
> 
> 

-- 
***************************************
       Chatzithomaoglou Anastasios
Network Design & Development Department
              FORTHnet S.A.
          <achatz at forthnet.gr>
***************************************
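
An added example, not part of the original thread: a small audit check for the condition discussed above, a NAT source list whose access-list permits any source. It handles only numbered standard ACLs; the function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: only the NAT-relevant lines of the configuration quoted in the thread.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
interface Ethernet0/0
 ip address 10.0.3.124 255.255.255.0
 ip nat outside
ip nat inside source list 1 interface Ethernet0/0 overload
access-list 1 permit any
"""

# "ip nat inside source list <acl> ..." names the ACL that selects traffic to translate.
NAT_RE = re.compile(r"^\s*ip nat inside source list (\S+)\s", re.M)
# Numbered standard ACL permit entries: "access-list <n> permit <source> [wildcard]".
ACL_RE = re.compile(r"^\s*access-list (\d+) permit (.+?)\s*$", re.M)


def is_match_all(spec):
    """True if a standard ACL permit entry matches every source address."""
    parts = spec.split()
    if not parts:
        return False
    return parts[0] == "any" or parts[:2] == ["0.0.0.0", "255.255.255.255"]


def audit_nat_acls(config):
    """Return sorted ACL numbers that are used as a NAT source list and permit any source."""
    nat_acls = set(NAT_RE.findall(config))
    findings = set()
    for acl_id, spec in ACL_RE.findall(config):
        if acl_id in nat_acls and is_match_all(spec):
            findings.add(acl_id)
    return sorted(findings)


if __name__ == "__main__":
    for acl in audit_nat_acls(SAMPLE_CONFIG):
        print(f"access-list {acl}: NAT source list permits any; "
              "restrict it to the inside subnet")
```
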


