- Posts: 16
- Thank you received: 0
Problem with NAT
- ghostphace
- Topic Author
- Offline
- New Member
Less
More
16 years 1 week ago #28429
by ghostphace
Problem with NAT was created by ghostphace
I have a 2600 router and i want to achive a goal of mapping a public ip to a private ip in the LAN so telnet & ssh can be accessible from outside the domain.
config:
ip nat inside source static tcp 10.0.0.1 23 1.0.0.1 23
i can ping the public ip and get a reply
SL-R2651#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 1.0.0.1:23 10.0.0.1:23 --- ---
But the problem is i cant get telnet nor ssh to connect from outside the domain.
Regards
config:
ip nat inside source static tcp 10.0.0.1 23 1.0.0.1 23
i can ping the public ip and get a reply
SL-R2651#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 1.0.0.1:23 10.0.0.1:23 --- ---
But the problem is i cant get telnet nor ssh to connect from outside the domain.
Regards
16 years 1 week ago #28431
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Problem with NAT
Your ip nat statement seems OK (for telnet). You will need to also add one for SSH (port 22).
[code:1]ip nat inside source static tcp 10.0.0.1 22 1.0.0.1 22[/code:1]
You need to also specify which interfaces on your 2600 are inside or outside, for example:
[code:1]interface FastEthernet0/0
ip address 192.168.1.97 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
ip address 192.168.2.33 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 1.0.0.1 255.255.255.252
ip nat outside[/code:1]
If it still doesn't work after checking the above, then could you post a debug ip nat output for us ?
[code:1]ip nat inside source static tcp 10.0.0.1 22 1.0.0.1 22[/code:1]
You need to also specify which interfaces on your 2600 are inside or outside, for example:
[code:1]interface FastEthernet0/0
ip address 192.168.1.97 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
ip address 192.168.2.33 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 1.0.0.1 255.255.255.252
ip nat outside[/code:1]
If it still doesn't work after checking the above, then could you post a debug ip nat output for us ?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Time to create page: 0.120 seconds