From: Michael Snyder (msnyder@wk.net)
Date: Mon Oct 27 2003 - 12:15:51 GMT-3
While this is pretty simple to do, it took me a while to figure it out.
My service provider blocks tcp 23, which means I couldn't access my
office router from home.
It became a problem when I needed to reset office dmz servers via
telnet.
Below is the sample config,
I'm relocating the loopback telnet tcp 23 to the public interface tcp
1000.
Works just fine, in fact any router service that can survive nat will
work using the same method.
------------------------------------------------------------------------
--------------------
interface Serial0
ip address 150.50.17.1 255.255.255.0
ip nat outside
interface Loopback1
ip address 192.168.1.1 255.255.255.0
ip nat inside
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface Serial0 overload
ip nat inside source static tcp 192.168.1.1 23 150.50.17.1 1000
extendable
------------------------------------------------------------------------
--------------------
R2#telnet 150.50.17.1 1000
Trying 150.50.17.1, 1000 ... Open
Router R1 - Cisco 1602 Interfaces S0 S1 E0
E0 Connects to BB1
S0 Connects to R2-S1
R1 line 1
R1#
R1#show ip nat tr
Pro Inside global Inside local Outside local Outside
global
tcp 150.50.17.1:1000 192.168.1.1:23 --- ---
tcp 150.50.17.1:1000 192.168.1.1:23 150.50.17.2:11005
150.50.17.2:11005
R1#
Michael Snyder
Lead Network Engineer
CCNP/DP, CSS1, MCSE NT/2000
Revolution Computer Systems
(270) 443-7400
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:53:09 GMT-3