I am having a problem telnetting into the router from the outside when I have NAT on the router. Once I take the ip nat outside command off the outside interface, I can telnet into the router from the outside. I can ping the NAT router regardless of whether ip nat outside is on the interface or not. Note that I do, of course, have the vty 0 4 passworded. Here's the config (edited for bandwidth purposes):
interface Ethernet0 ip address 209.xxx.xxx.xxx 255.255.255.0 ip nat outside ! interface Serial0 ip address 192.168.1.1 255.255.255.252 ip nat inside encapsulation ppp clockrate 2000000 ! ip nat inside source list 101 interface Ethernet0 overload ! access-list 101 permit ip any any ip classless ! vty 0 4 password hrmm login ! end Packets are coming into the router from the telnetting host, and NAT tries to do a translation on it, but fails, I think..? NOTE in the debug output: 209.xxx.xxx.xxx is the external router ip address and 216.xxx.xxx.xxx is where I'm telnetting from. This is output from a debug ip nat detailed and debug ip nat port combined: 04:09:59: NAT - SYSTEM PORT for 209.xxx.xxx.xxx: allocated port 0, refcount 55, localport -1, localaddr 0.0.0.0, flags 1, syscount 55 04:09:59: NAT - SYSTEM PORT for 209.xxx.xxx.xxx: allocated port 23, refcount 2, localport -1, localaddr 0.0.0.0, flags 1, syscount 2 04:09:59: NAT: Allocated Port for 209.xxx.xxx.xxx -> 209.xxx.xxx.xxx: wanted 23 got 2 04:09:59: NAT: i: tcp (209.xxx.xxx.xxx, 23) -> (216.xxx.xxx.xxx, 3012) [0] 04:09:59: NAT: TCP s=23->2, d=3012 04:09:59: NAT: o: tcp (216.xxx.xxx.xxx, 3012) -> (209.xxx.xxx.xxx, 2) [51] 04:09:59: NAT: TCP s=3012, d=2->23 04:09:59: NAT: updated sys port: port 23, refcount 1, localport -1, localaddr 0.0.0.0, flags 1, syscount 1 04:11:08: NAT: expiring 209.xxx.xxx.xxx (209.xxx.xxx.xxx) tcp 2 (23) Any ideas? Kind Regards, Tim Booth MCDBA, CCNP, CCDP, CCIE written ----------------------------------------- Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. Benjamin Franklin, 1759 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35634&t=35634 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
