Re: NAT and Telnet [7:20362]

2001-09-20 Thread Dennis H

I have 12.1(9) Enterprise Plus on my 2514 and no mapping needed either.  I
just telnetted to it now from the office and verified the config...



""Lupi, Guy""  wrote in message
news:[EMAIL PROTECTED]...
> I have routers functioning like this with code below 12.1, and it works
> fine, no mapping needed.  I wonder why they would change that, interesting
> though.
>
> -Original Message-
> From: EA Louie [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 6:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: NAT and Telnet [7:20362]
>
>
> Guy...yes, you're correct - I mapped port 23 on the outside to 23 on a
> loopback... and one of my study buddies just called and told me it's a new
> 'feature' of 12.1 and higher to deny incoming on the outside interface.
> Some firewall feature gets enabled that prevents inbound telnet to the
> outside interface unless that 'conduit' is opened using nat inside source
> static.  I might downgrade to 12.0 tonight to see if that's true.
>
> -e-
> ----- Original Message -----
> From: "Lupi, Guy"
> To: "'EA Louie'" ;
> Sent: Wednesday, September 19, 2001 2:03 PM
> Subject: RE: NAT and Telnet [7:20362]
>
>
> > Did you have to map port 23 of the outside interface to port 23 of the
> > inside interface?
> >
> > Something like this:
> >
> > ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23
> >
> > -Original Message-
> > From: EA Louie [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 1:28 AM
> > To: [EMAIL PROTECTED]
> > Subject: NAT and Telnet [7:20362]
> >
> >
> > I posted this on the Lab list...but I thought some folks here might enjoy
> > the challenge, too.  (Apologies to those who are on both for the cross-post)
> >
> > I was going to post a "how to" question about NAT, but I figured it out so I
> > thought I'd share the information with the list and challenge you with the
> > solution.
> >
> > When using the address of the outside interface as the NAT overload address,
> > I could not telnet into the router.  I could ping, but the telnet sessions
> > would time out.
> >
> > I came up with a solution - can any of you figure out what it was?  And does
> > anyone know the reason that this happens?
> >
> > -e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20543&t=20362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: NAT and Telnet [7:20362]

2001-09-19 Thread EA Louie

reason = security.  If you market NAT as a security-type protocol (gasp!),
then to allow telnet into that address without 'express written consent from
major league baseball is strictly prohibited'.

Your score may vary.

- Original Message -
From: "Lupi, Guy" 
To: "'EA Louie'" ; 
Sent: Wednesday, September 19, 2001 4:04 PM
Subject: RE: NAT and Telnet [7:20362]


> I have routers functioning like this with code below 12.1, and it works
> fine, no mapping needed.  I wonder why they would change that, interesting
> though.
>
> -Original Message-
> From: EA Louie [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 6:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: NAT and Telnet [7:20362]
>
>
> Guy...yes, you're correct - I mapped port 23 on the outside to 23 on a
> loopback... and one of my study buddies just called and told me it's a new
> 'feature' of 12.1 and higher to deny incoming on the outside interface.
> Some firewall feature gets enabled that prevents inbound telnet to the
> outside interface unless that 'conduit' is opened using nat inside source
> static.  I might downgrade to 12.0 tonight to see if that's true.
>
> -e-
> ----- Original Message -----
> From: "Lupi, Guy"
> To: "'EA Louie'" ;
> Sent: Wednesday, September 19, 2001 2:03 PM
> Subject: RE: NAT and Telnet [7:20362]
>
>
> > Did you have to map port 23 of the outside interface to port 23 of the
> > inside interface?
> >
> > Something like this:
> >
> > ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23
> >
> > -Original Message-
> > From: EA Louie [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 1:28 AM
> > To: [EMAIL PROTECTED]
> > Subject: NAT and Telnet [7:20362]
> >
> >
> > I posted this on the Lab list...but I thought some folks here might enjoy
> > the challenge, too.  (Apologies to those who are on both for the cross-post)
> >
> > I was going to post a "how to" question about NAT, but I figured it out so I
> > thought I'd share the information with the list and challenge you with the
> > solution.
> >
> > When using the address of the outside interface as the NAT overload address,
> > I could not telnet into the router.  I could ping, but the telnet sessions
> > would time out.
> >
> > I came up with a solution - can any of you figure out what it was?  And does
> > anyone know the reason that this happens?
> >
> > -e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20473&t=20362



RE: NAT and Telnet [7:20362]

2001-09-19 Thread Lupi, Guy

I have routers functioning like this with code below 12.1, and it works
fine, no mapping needed.  I wonder why they would change that, interesting
though.

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 6:39 PM
To: [EMAIL PROTECTED]
Subject: Re: NAT and Telnet [7:20362]


Guy...yes, you're correct - I mapped port 23 on the outside to 23 on a
loopback... and one of my study buddies just called and told me it's a new
'feature' of 12.1 and higher to deny incoming on the outside interface.
Some firewall feature gets enabled that prevents inbound telnet to the
outside interface unless that 'conduit' is opened using nat inside source
static.  I might downgrade to 12.0 tonight to see if that's true.

-e-
- Original Message -
From: "Lupi, Guy" 
To: "'EA Louie'" ; 
Sent: Wednesday, September 19, 2001 2:03 PM
Subject: RE: NAT and Telnet [7:20362]


> Did you have to map port 23 of the outside interface to port 23 of the
> inside interface?
>
> Something like this:
>
> ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23
>
> -Original Message-
> From: EA Louie [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 1:28 AM
> To: [EMAIL PROTECTED]
> Subject: NAT and Telnet [7:20362]
>
>
> I posted this on the Lab list...but I thought some folks here might enjoy
> the challenge, too.  (Apologies to those who are on both for the cross-post)
>
> I was going to post a "how to" question about NAT, but I figured it out so I
> thought I'd share the information with the list and challenge you with the
> solution.
>
> When using the address of the outside interface as the NAT overload address,
> I could not telnet into the router.  I could ping, but the telnet sessions
> would time out.
>
> I came up with a solution - can any of you figure out what it was?  And does
> anyone know the reason that this happens?
>
> -e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20472&t=20362



Re: NAT and Telnet [7:20362]

2001-09-19 Thread EA Louie

Guy...yes, you're correct - I mapped port 23 on the outside to 23 on a
loopback... and one of my study buddies just called and told me it's a new
'feature' of 12.1 and higher to deny incoming on the outside interface.
Some firewall feature gets enabled that prevents inbound telnet to the
outside interface unless that 'conduit' is opened using nat inside source
static.  I might downgrade to 12.0 tonight to see if that's true.

-e-
- Original Message -
From: "Lupi, Guy" 
To: "'EA Louie'" ; 
Sent: Wednesday, September 19, 2001 2:03 PM
Subject: RE: NAT and Telnet [7:20362]


> Did you have to map port 23 of the outside interface to port 23 of the
> inside interface?
>
> Something like this:
>
> ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23
>
> -Original Message-
> From: EA Louie [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 1:28 AM
> To: [EMAIL PROTECTED]
> Subject: NAT and Telnet [7:20362]
>
>
> I posted this on the Lab list...but I thought some folks here might enjoy
> the challenge, too.  (Apologies to those who are on both for the cross-post)
>
> I was going to post a "how to" question about NAT, but I figured it out so I
> thought I'd share the information with the list and challenge you with the
> solution.
>
> When using the address of the outside interface as the NAT overload address,
> I could not telnet into the router.  I could ping, but the telnet sessions
> would time out.
>
> I came up with a solution - can any of you figure out what it was?  And does
> anyone know the reason that this happens?
>
> -e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20466&t=20362
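
An added example, not part of the thread or written by any poster: a small Python audit that parses IOS `ip nat inside source static` port-forward lines like the one quoted above and flags telnet exposed on an outside address. The sample config is constructed; the interface names, the ACL, the second forward and the list of flagged ports are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample config. Only the "static tcp ... 23" line comes from the
# thread; interface names, the ACL and the 443 forward are assumptions.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
interface Serial0
 ip address 208.2.2.2 255.255.255.252
 ip nat outside
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface Serial0 overload
ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23
ip nat inside source static tcp 10.1.1.10 443 interface Serial0 8443
"""

# TCP ports treated as cleartext remote-login services (assumed audit policy).
CLEARTEXT_MGMT = {23: "telnet", 513: "rlogin", 514: "rsh"}

IP = r"\d+\.\d+\.\d+\.\d+"
# Matches both the "<global-ip> <port>" and "interface <name> <port>" forms.
STATIC_RE = re.compile(
    rf"^\s*ip nat inside source static (tcp|udp) ({IP}) (\d+) "
    rf"(?:interface (\S+)|({IP})) (\d+)\b",
    re.MULTILINE,
)

class PortForward(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    outside: str        # global address, or "interface <name>"
    outside_port: int

def static_port_forwards(config: str) -> list[PortForward]:
    """Extract every static NAT port mapping from an IOS config."""
    forwards = []
    for m in STATIC_RE.finditer(config):
        proto, lip, lport, ifname, gip, gport = m.groups()
        outside = f"interface {ifname}" if ifname else gip
        forwards.append(PortForward(proto, lip, int(lport), outside, int(gport)))
    return forwards

def local_addresses(config: str) -> set[str]:
    """Addresses configured on the router's own interfaces."""
    return set(re.findall(rf"^\s*ip address ({IP}) ", config, re.MULTILINE))

def audit(config: str) -> list[str]:
    """Report cleartext login services published through static NAT."""
    own = local_addresses(config)
    findings = []
    for pf in static_port_forwards(config):
        svc = CLEARTEXT_MGMT.get(pf.local_port) if pf.proto == "tcp" else None
        if svc:
            target = "the router itself" if pf.local_ip in own else "an inside host"
            findings.append(f"{svc} on {pf.local_ip} ({target}) "
                            f"reachable at {pf.outside}:{pf.outside_port}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print("FINDING:", line)
```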



Re: NAT and Telnet [7:20362]

2001-09-19 Thread EA Louie

- Original Message -
From: "John Neiberger" 
To: 
Cc: 
Sent: Wednesday, September 19, 2001 1:17 PM
Subject: Re: NAT and Telnet [7:20362]


> Might this have something to do with differences in the way NAT treats
> TCP vs. ICMP?  I haven't worked with NAT much so this is a good brain
> teaser.
>

Yes, it is in some way related...also has something to do with a new
'feature' in 12.1 and above with NAT.

> John
>
> >>> "EA Louie"  9/19/01 2:15:34 PM >>>
> okay... we'll be waiting for your thoughts to be 'collected'  ;-) --- more
> below
>
> ----- Original Message -----
> From: "Chuck Larrieu"
> To: "EA Louie" ;
> Sent: Wednesday, September 19, 2001 10:31 AM
> Subject: RE: NAT and Telnet [7:20362]
>
>
> > I'll have to think about the solution for a bit, but the reason it happens
> > is really quite simple. I posted a problem like this a "Friday Folly" or a
> > "Weekend Folly" a couple of months back.
> >
> > think in terms of router operation. e.g. what happens when a packet is
> > received on an interface.
> >
> Actually, this is not really an order of operation issue.
>
> > knowing router behaviour as well as protocol behaviour can help one solve a
> > LOT of problems
> > ( hint, hint ;-> )
>
> Here's a BIG hint:  as a protocol, NAT is bi-directional.   ;-)
>
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > EA Louie
> > Sent: Tuesday, September 18, 2001 10:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: NAT and Telnet [7:20362]
> >
> >
> > I posted this on the Lab list...but I thought some folks here might enjoy
> > the challenge, too.  (Apologies to those who are on both for the cross-post)
> >
> > I was going to post a "how to" question about NAT, but I figured it out so I
> > thought I'd share the information with the list and challenge you with the
> > solution.
> >
> > When using the address of the outside interface as the NAT overload address,
> > I could not telnet into the router.  I could ping, but the telnet sessions
> > would time out.
> >
> > I came up with a solution - can any of you figure out what it was?  And does
> > anyone know the reason that this happens?
> >
> > -e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20464&t=20362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: NAT and Telnet [7:20362]

2001-09-19 Thread Lupi, Guy

Did you have to map port 23 of the outside interface to port 23 of the
inside interface?  

Something like this:

ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 1:28 AM
To: [EMAIL PROTECTED]
Subject: NAT and Telnet [7:20362]


I posted this on the Lab list...but I thought some folks here might enjoy
the challenge, too.  (Apologies to those who are on both for the cross-post)

I was going to post a "how to" question about NAT, but I figured it out so I
thought I'd share the information with the list and challenge you with the
solution.

When using the address of the outside interface as the NAT overload address,
I could not telnet into the router.  I could ping, but the telnet sessions
would time out.

I came up with a solution - can any of you figure out what it was?  And does
anyone know the reason that this happens?

-e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20454&t=20362



Re: NAT and Telnet [7:20362]

2001-09-19 Thread John Neiberger

Might this have something to do with differences in the way NAT treats
TCP vs. ICMP?  I haven't worked with NAT much so this is a good brain
teaser.

John

>>> "EA Louie"  9/19/01 2:15:34 PM >>>
okay... we'll be waiting for your thoughts to be 'collected'  ;-) --- more
below

- Original Message -
From: "Chuck Larrieu" 
To: "EA Louie" ; 
Sent: Wednesday, September 19, 2001 10:31 AM
Subject: RE: NAT and Telnet [7:20362]


> I'll have to think about the solution for a bit, but the reason it happens
> is really quite simple. I posted a problem like this a "Friday Folly" or a
> "Weekend Folly" a couple of months back.
>
> think in terms of router operation. e.g. what happens when a packet is
> received on an interface.
>
Actually, this is not really an order of operation issue.

> knowing router behaviour as well as protocol behaviour can help one solve a
> LOT of problems
> ( hint, hint ;-> )

Here's a BIG hint:  as a protocol, NAT is bi-directional.   ;-)

>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> EA Louie
> Sent: Tuesday, September 18, 2001 10:28 PM
> To: [EMAIL PROTECTED]
> Subject: NAT and Telnet [7:20362]
>
>
> I posted this on the Lab list...but I thought some folks here might enjoy
> the challenge, too.  (Apologies to those who are on both for the cross-post)
>
> I was going to post a "how to" question about NAT, but I figured it out so I
> thought I'd share the information with the list and challenge you with the
> solution.
>
> When using the address of the outside interface as the NAT overload address,
> I could not telnet into the router.  I could ping, but the telnet sessions
> would time out.
>
> I came up with a solution - can any of you figure out what it was?  And does
> anyone know the reason that this happens?
>
> -e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20449&t=20362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: NAT and Telnet [7:20362]

2001-09-19 Thread EA Louie

okay... we'll be waiting for your thoughts to be 'collected'  ;-) --- more
below

- Original Message -
From: "Chuck Larrieu" 
To: "EA Louie" ; 
Sent: Wednesday, September 19, 2001 10:31 AM
Subject: RE: NAT and Telnet [7:20362]


> I'll have to think about the solution for a bit, but the reason it happens
> is really quite simple. I posted a problem like this a "Friday Folly" or a
> "Weekend Folly" a couple of months back.
>
> think in terms of router operation. e.g. what happens when a packet is
> received on an interface.
>
Actually, this is not really an order of operation issue.

> knowing router behaviour as well as protocol behaviour can help one solve a
> LOT of problems
> ( hint, hint ;-> )

Here's a BIG hint:  as a protocol, NAT is bi-directional.   ;-)

>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> EA Louie
> Sent: Tuesday, September 18, 2001 10:28 PM
> To: [EMAIL PROTECTED]
> Subject: NAT and Telnet [7:20362]
>
>
> I posted this on the Lab list...but I thought some folks here might enjoy
> the challenge, too.  (Apologies to those who are on both for the cross-post)
>
> I was going to post a "how to" question about NAT, but I figured it out so I
> thought I'd share the information with the list and challenge you with the
> solution.
>
> When using the address of the outside interface as the NAT overload address,
> I could not telnet into the router.  I could ping, but the telnet sessions
> would time out.
>
> I came up with a solution - can any of you figure out what it was?  And does
> anyone know the reason that this happens?
>
> -e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20446&t=20362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: NAT and Telnet [7:20362]

2001-09-19 Thread Chuck Larrieu

I'll have to think about the solution for a bit, but the reason it happens
is really quite simple. I posted a problem like this a "Friday Folly" or a
"Weekend Folly" a couple of months back.

think in terms of router operation. e.g. what happens when a packet is
received on an interface.

knowing router behaviour as well as protocol behaviour can help one solve a
LOT of problems
( hint, hint ;-> )

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
EA Louie
Sent: Tuesday, September 18, 2001 10:28 PM
To: [EMAIL PROTECTED]
Subject: NAT and Telnet [7:20362]


I posted this on the Lab list...but I thought some folks here might enjoy
the challenge, too.  (Apologies to those who are on both for the cross-post)

I was going to post a "how to" question about NAT, but I figured it out so I
thought I'd share the information with the list and challenge you with the
solution.

When using the address of the outside interface as the NAT overload address,
I could not telnet into the router.  I could ping, but the telnet sessions
would time out.

I came up with a solution - can any of you figure out what it was?  And does
anyone know the reason that this happens?

-e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20428&t=20362