Is this an Internet router or just an internal router running translation?
Unless you have static translates set up, NAT overload (PAT) will most likely
not allow inbound connections as it tracks ports for outbound and
established connections, not inbound connections. This is how you are able
to create 64k sessions on a single IP address. A perfect example of this is
the PIX, which only allows inbound connections on a static translation
through the use of a conduit. The PIX will not allow an inbound connection
on a PATed address(es) as it is for outbound connections only.
Is it possible to put a secondary address on the interface and not translate
with that address? Port redirection might work if you are running IOS FW.
You could redirect telnet requests to the inside interface address. If
you're not running IOS FW, then there must be some mechanism blocking your
session.
Rik
-----Original Message-----
From: nrf [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 29, 2001 6:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Strange situation with NAT and telnet [7:10387]
Well, to answer your question, I don't want to telnet to the outside
interface from the inside. I want to telnet to the outside interface from
the outside, and clearly due to the NAT, the outside interface is the only
interface I can telnet to, and because of this stupid bug, I cannot. So
basically what it boils down to is that nobody from the outside can ever
telnet into the router, which bites.
And somebody asked what OS and what router I am using. It is 12.2(1), on a
2514.
"Allen May" wrote in message news:[EMAIL PROTECTED]...
> OK I don't have the real answer but it seems that NAT overload is on the
> same IP address that you're trying to telnet to. That would be kind of
> weird for the box to receive a telnet request from & to the same IP.
>
> No flames but I'll just throw a suggestion to try (let me know if it works).
> Try setting up an access-list for NONAT when going to that IP address.
> That will leave the source address alone. And it looks like you've set up
> an access-list to allow telnet to that interface already but double check
> that.
>
> I have to ask...why telnet to the outside interface from inside?
>
> Allen
>
>
> ----- Original Message -----
> From: "nrf"
> To:
> Sent: Friday, June 29, 2001 4:01 AM
> Subject: Strange situation with NAT and telnet [7:10387]
>
>
> > Hey all:
> >
> > I have this strange situation where I cannot telnet into my router. This is
> > what happens.
> >
> > I am successfully running NAT (with overload), with no problem. I can
> > telnet into the interface that is the inside NAT with no problem. I can
> > also telnet into any non-NAT interface with no problem. The problem occurs
> > when I try to telnet into the interface that is the designated outside NAT
> > interface. For example, when I fire up telnet from Windows and telnet to
> > that outside NAT interface, it just shows that it is trying to connect, but
> > it never connects.
> >
> > Now, I can assure you that connectivity is fine. I can ping that interface.
> > People from the inside can get to the outside, with no problem. So it's not
> > a routing issue, I am sure.
> >
> > I have monitored what happens when I try to telnet, as I have an
> > access-class on the vty line that allows anything in (permit ip any any),
> > but is set for logging. So I notice that telnet packets are indeed being
> > permitted by the access-list, meaning the telnet request is hitting the
> > router successfully. On the console, I even get a message saying that the
> > access-list is allowing a telnet packet in. So everything seems cool. But
> > somehow the router doesn't want to acknowledge the telnet request.
> >
> > Does anybody know what is up with that?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10467&t=10387
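
Added example, not part of the original thread and not Cisco code: a simplified Python model of the translation lookup the top reply describes, where PAT entries exist only for flows opened from the inside and a static translation is what gives an unsolicited inbound connection a target. The `PatTable` class and all addresses are constructed for illustration, and the model covers translation lookup only, not what a router does with packets addressed to itself.

```python
from dataclasses import dataclass, field

PAT_IP = "203.0.113.1"  # constructed outside address (documentation range)

@dataclass
class PatTable:
    next_port: int = 1024
    # (proto, outside_port) -> (inside_ip, inside_port, remote_peer)
    dynamic: dict = field(default_factory=dict)
    # (proto, outside_port) -> (inside_ip, inside_port)
    static: dict = field(default_factory=dict)

    def add_static(self, proto, outside_port, inside_ip, inside_port):
        """Static translation: always-present mapping for inbound traffic."""
        self.static[(proto, outside_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port, remote):
        """Inside host opens a flow: allocate a unique source port on PAT_IP."""
        if self.next_port > 65535:
            raise RuntimeError("port pool exhausted on the single PAT address")
        port = self.next_port
        self.next_port += 1
        self.dynamic[(proto, port)] = (inside_ip, inside_port, remote)
        return (PAT_IP, port)

    def inbound(self, proto, remote, dst_port):
        """Return the inside (ip, port) a packet to PAT_IP maps to, or None."""
        if (proto, dst_port) in self.static:
            return self.static[(proto, dst_port)]
        entry = self.dynamic.get((proto, dst_port))
        if entry and entry[2] == remote:  # only the tracked peer matches
            return entry[:2]
        return None  # no translation exists for this unsolicited packet

def demo():
    nat = PatTable()
    web = ("198.51.100.7", 80)        # constructed remote server
    admin = ("198.51.100.9", 51000)   # constructed outside telnet client
    _, port = nat.outbound("tcp", "10.0.0.5", 40000, web)
    reply = nat.inbound("tcp", web, port)        # return traffic of tracked flow
    unsolicited = nat.inbound("tcp", admin, 23)  # new inbound telnet, no entry
    nat.add_static("tcp", 23, "10.0.0.1", 23)    # redirect to inside address
    redirected = nat.inbound("tcp", admin, 23)
    return reply, unsolicited, redirected

if __name__ == "__main__":
    print(demo())
```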