Try this command: ip nat inside source static tcp 192.168.1.1 23 209.xxx.xxx.xxx 23 extendable
This will map the telnet port of the outside IP address to the inside, should work for you, let us know. ~-----Original Message----- ~From: Tim Booth [mailto:[EMAIL PROTECTED]] ~Sent: Saturday, February 16, 2002 7:29 PM ~To: [EMAIL PROTECTED] ~Subject: Problem telnetting into router with NAT enabled [7:35634] ~ ~ ~I am having a problem telnetting into the router from the outside ~when I have NAT on the router. Once I take the ip nat outside command ~off the outside interface, I can telnet into the router from the ~outside. I can ping the NAT router regardless of whether ip nat outside ~is on the interface or not. Note that I do, of course, have the vty 0 4 ~passworded. Here's the config (edited for bandwidth purposes): ~ ~interface Ethernet0 ~ ip address 209.xxx.xxx.xxx 255.255.255.0 ~ ip nat outside ~! ~interface Serial0 ~ ip address 192.168.1.1 255.255.255.252 ~ ip nat inside ~ encapsulation ppp ~clockrate 2000000 ~! ~ip nat inside source list 101 interface Ethernet0 overload ~! ~access-list 101 permit ip any any ~ip classless ~! ~vty 0 4 ~password hrmm ~login ~! ~end ~ ~ Packets are coming into the router from the telnetting host, and NAT ~tries to do a translation on it, but fails, I think..? NOTE in ~the debug ~output: 209.xxx.xxx.xxx is the external router ip address and ~216.xxx.xxx.xxx is where I'm telnetting from. This is output from a ~debug ip nat detailed and debug ip nat port combined: ~ ~04:09:59: NAT - SYSTEM PORT for 209.xxx.xxx.xxx: allocated port 0, ~refcount 55, localport -1, localaddr 0.0.0.0, flags 1, syscount 55 ~04:09:59: NAT - SYSTEM PORT for 209.xxx.xxx.xxx: allocated port 23, ~refcount 2, localport -1, localaddr 0.0.0.0, flags 1, syscount 2 ~04:09:59: NAT: Allocated Port for 209.xxx.xxx.xxx -> 209.xxx.xxx.xxx: ~wanted 23 got 2 ~04:09:59: NAT: i: tcp (209.xxx.xxx.xxx, 23) -> (216.xxx.xxx.xxx, 3012) ~[0] ~04:09:59: NAT: TCP s=23->2, d=3012 ~04:09:59: NAT: o: tcp (216.xxx.xxx.xxx, 3012) -> (209.xxx.xxx.xxx, 2) ~[51] ~04:09:59: NAT: TCP s=3012, d=2->23 ~04:09:59: NAT: updated sys port: port 23, refcount 1, localport -1, ~localaddr 0.0.0.0, flags 1, syscount 1 ~04:11:08: NAT: expiring 209.xxx.xxx.xxx (209.xxx.xxx.xxx) tcp 2 (23) ~ ~ Any ideas? ~ ~Kind Regards, ~Tim Booth ~MCDBA, CCNP, CCDP, CCIE written ~----------------------------------------- ~Those who would give up essential liberty to purchase a little ~temporary ~safety deserve neither liberty nor safety. ~Benjamin Franklin, 1759 ~ ~ ~ ~ ~Report misconduct ~and Nondisclosure violations to [EMAIL PROTECTED] ~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35637&t=35634 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
