reason = security. If you market NAT as a security-type protocol (gasp!),
then to allow telnet into that address without 'express written consent from
major league baseball is strictly prohibited'.
Your score may vary.
----- Original Message -----
From: "Lupi, Guy"
To: "'EA Louie'" ;
Sent: Wednesday, September 19, 2001 4:04 PM
Subject: RE: NAT and Telnet [7:20362]
> I have routers functioning like this with code below 12.1, and it works
> fine, no mapping needed. I wonder why they would change that, interesting
> though.
>
> -----Original Message-----
> From: EA Louie [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 6:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: NAT and Telnet [7:20362]
>
>
> Guy...yes, you're correct - I mapped port 23 on the outside to 23 on a
> loopback... and one of my study buddies just called and told me it's a new
> 'feature' of 12.1 and higher to deny incoming on the outside interface.
> Some firewall feature gets enabled that prevents inbound telnet to the
> outside interface unless that 'conduit' is opened using nat inside source
> static. I might downgrade to 12.0 tonight to see if that's true.
>
> -e-
> ----- Original Message -----
> From: "Lupi, Guy"
> To: "'EA Louie'" ;
> Sent: Wednesday, September 19, 2001 2:03 PM
> Subject: RE: NAT and Telnet [7:20362]
>
>
> > Did you have to map port 23 of the outside interface to port 23 of the
> > inside interface?
> >
> > Something like this:
> >
> > ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23
> >
> > -----Original Message-----
> > From: EA Louie [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 1:28 AM
> > To: [EMAIL PROTECTED]
> > Subject: NAT and Telnet [7:20362]
> >
> >
> > I posted this on the Lab list...but I thought some folks here might
enjoy
> > the
> > challenge, too. (Apologies to those who are on both for the cross-post)
> >
> > I was going to post a "how to" question about NAT, but I figured it out
so
> I
> > thought I'd share the information with the list and challenge you with
the
> > solution.
> >
> > When using the address of the outside interface as the NAT overload
> address,
> > I
> > could not telnet into the router. I could ping, but the telnet sessions
> > would
> > time out.
> >
> > I came up with a solution - can any of you figure out what it was? And
> does
> > anyone know the reason that this happens?
> >
> > -e-
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20473&t=20362
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
