I think a more correct fix would be to change your NAT access list to exclude the external interface. I'm not sure why the router NATs the outside interface but it will if you include it in your access-list. Put in a deny statement for your outside interface.
access-list 101 deny ip 209.xxx.xxx.xxx any access-list 101 permit ip any any -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Karl West Sent: Sunday, February 17, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: Re: Problem telnetting into router with NAT enabled [7:35634] Tim, If I am not mistaken NAT is an application layer process thus any traffic initiated from the outside to the inside will need to have an IP and Port statically mapped!! As for the extendable....I am not sure if it is needed....I believe the extendable is used to allow two static translation with the same local address that does not have separate port translation assignment(the IOS does not normally allow this!!) see the Cisco website for more info!! KW ----- Original Message ----- From: "Tim Booth" To: Sent: Saturday, February 16, 2002 9:21 PM Subject: RE: Problem telnetting into router with NAT enabled [7:35634] > ------------------------------ > Try this command: > > ip nat inside source static tcp 192.168.1.1 23 209.xxx.xxx.xxx 23 > extendable > > This will map the telnet port of the outside IP address to the inside, > should work for you, let us know. > ------------------------------ > > Guy, > > Thanks very much. It fixed the problem. However, I'm curious as to WHY > I needed to do this and what does the extendable command function to do? > > Thanks, > Tim Booth > MCDBA, CCNP, CCDP, CCIE written > ----------------------------------------- > Those who would give up essential liberty to purchase a little temporary > safety deserve neither liberty nor safety. > Benjamin Franklin, 1759 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35683&t=35634 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
