[c-nsp] FW: Static PAT problem
Andrew Herdman
andrew at whine.com
Fri Mar 18 10:51:58 EST 2005
Thanks Gert;
I also received the same advice from two other people in a private message.
Not sure why I missed that, but the SDM did it, last time I let SDM
configure any part of the router.
But unfortunately, it didn't resolve the issue. I still get connection
refused when telneting to the static PAT ports of 81 and 3389.
Thanks
Andrew
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
> Sent: Friday, March 18, 2005 3:46 AM
> To: Andrew Herdman
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] FW: Static PAT problem
>
> Hi,
>
> On Thu, Mar 17, 2005 at 05:09:10PM -0500, Andrew Herdman wrote:
> > !
> > ip access-list extended NAT01
> > permit ip 0.0.0.0 255.255.255.0 any
>
> netmasks in ACLs need to be inverted ("don't care bits") - if
> you want
> to match your whole inside subnet, write this as:
>
> permit ip 192.168.128.0 0.0.0.255
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list