To be honest, I don't have a definitive answer.  I did hear from someone on
the list that this is because NAT is often used as a security tool as well
as a method to save public IP addresses, so Cisco decided that it would be a
good idea to only allow telnet if you did this additional mapping, I think
Ejay was the one who told me that.  Theoretically there is no reason you
shouldn't be able to telnet right to the serial interface's IP address.  As
far as the extendable command, there is a description from CCO at the
bottom, I always use it at the end of a translation, unless I know that I
will not be mapping that local inside IP address to any other IP.  If you
don't use the keyword, you will not be able to map the private IP address to
more than one public IP address, this is useful for situations where you
have 2 providers, one as a backup let's say, and you want your mail server to
be mapped to one IP from the primary provider and one IP from the secondary
provider.  See below, hope this helps.

2511(config)#ip nat inside source static 192.168.1.1 2.2.2.2
2511(config)#ip nat inside source static 192.168.1.1 1.1.1.1
% 192.168.1.1 already mapped (192.168.1.1 -> 2.2.2.2)
[No extendable keyword specified, so the router doesn't let you map that
same private IP address to another public IP.]
2511(config)#no ip nat inside source static 192.168.1.1 2.2.2.2
[Remove the original mapping, then use the extendable keyword]
2511(config)#ip nat inside source static 192.168.1.1 2.2.2.2 extendable

2511(config)#ip nat inside source static 192.168.1.1 1.1.1.1 extendable   
2511(config)#
[With the extendable keyword you can map it to 2 different IP addresses.]

From CCO:

"Extendable" static translations

The extendable keyword allows the user to configure several ambiguous static
translations, where ambiguous translations are translations with the same
local or global address.

ip nat inside source static   extendable 

~-----Original Message-----
~From: Tim Booth [mailto:[EMAIL PROTECTED]]
~Sent: Saturday, February 16, 2002 9:22 PM
~To: [EMAIL PROTECTED]
~Subject: RE: Problem telnetting into router with NAT enabled [7:35634]
~
~
~------------------------------
~Try this command:
~
~ip nat inside source static tcp 192.168.1.1 23 209.xxx.xxx.xxx 23
~extendable
~
~This will map the telnet port of the outside IP address to the inside,
~should work for you, let us know.
~------------------------------
~
~Guy,
~
~  Thanks very much. It fixed the problem. However, I'm curious as to WHY
~I needed to do this and what does the extendable command function to do?
~
~Thanks,
~Tim Booth
~MCDBA, CCNP, CCDP, CCIE written
~-----------------------------------------
~Those who would give up essential liberty to purchase a little temporary
~safety deserve neither liberty nor safety.
~Benjamin Franklin, 1759
~
~
~
~
~Report misconduct 
~and Nondisclosure violations to [EMAIL PROTECTED]
~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35667&t=35634
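
The following is an added example, not part of the original thread and not Cisco code: a small Python audit of `ip nat inside source static` lines that flags the "already mapped" case from the session above (one local address mapped to several global addresses without `extendable`) and lists static port translations that publish telnet on a global address. The function names, the sample config, and the address 203.0.113.10 (standing in for the masked public IP) are assumptions, and the ambiguity check is a simplified model covering only the same-local-address case shown in the post.

```python
from collections import defaultdict

# Constructed sample config. 203.0.113.10 is a documentation address standing
# in for the masked public IP in the post.
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.1.1 2.2.2.2
ip nat inside source static 192.168.1.1 1.1.1.1 extendable
ip nat inside source static tcp 192.168.1.1 23 203.0.113.10 23 extendable
ip nat inside source static 192.168.1.5 3.3.3.3
"""

def parse_static(line):
    """Parse one 'ip nat inside source static' line; return None otherwise."""
    tok = line.split()
    if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
        return None
    args = tok[5:]
    ext = bool(args) and args[-1] == "extendable"
    if ext:
        args = args[:-1]
    if len(args) == 5 and args[0] in ("tcp", "udp"):   # port translation
        proto, local, lport, glob, gport = args
        return dict(proto=proto, local=local, lport=int(lport),
                    glob=glob, gport=int(gport), ext=ext)
    if len(args) == 2:                                  # whole-address translation
        return dict(proto=None, local=args[0], lport=None,
                    glob=args[1], gport=None, ext=ext)
    return None

def audit(config):
    """Return (finding, local_ip, global) tuples for a config text."""
    entries = [e for e in map(parse_static, config.splitlines()) if e]
    by_local = defaultdict(list)
    for e in entries:
        by_local[e["local"]].append(e)
    findings = []
    # Same local address mapped to several global addresses: every such
    # entry needs 'extendable' (simplified model of the session in the post).
    for local, group in by_local.items():
        if len({e["glob"] for e in group}) > 1:
            findings += [("missing-extendable", local, e["glob"])
                         for e in group if not e["ext"]]
    # Static port translations that publish telnet on a global address.
    findings += [("telnet-published", e["local"], f'{e["glob"]}:{e["gport"]}')
                 for e in entries if e["proto"] == "tcp" and e["lport"] == 23]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```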