Hi Raj, It's work now!!! :) Thanks for your advise. Actually I'm working on the way like you described but I'm digging into the hole in applying additional access list on the vty... that's why it fail. Now everything is good. Thanks Simon
""Raj Santiago"" Hi Simon, > > > There is a way, but its a hack. I dont recommend you do this, but just > shows that you dont always need to attack the problem directly.. > > anyway here is a simple diagram > s0 s1 > 10.0.0.1 10.0.0.2 > ------------------ > | > 172.16.55.1 > (eth0) > > > on RTA apply the following config : > > ip nat inside source static tcp 172.16.55.1 23 172.16.55.1 2002 extendable > ! > interface Ethernet0 > description Dummy interface for lab testing > ip address 172.16.55.1 255.255.255.0 > no keepalive > ! > interface Serial0 > ip address 10.0.0.1 255.255.255.0 > ip nat outside > clockrate 38400 > ! > > So basically your mapping the local telnet port 23, to port 2002. If you try > and telnet normally to ip 172.16.55.1 you wont initiate a connection as NAT > will reply back with a port of 2002. Hence the only way to obtain telnet is > to telnet to "172.16.55.1 2002" > > raj Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58913&t=58647 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
