From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Dec 16 2005 - 16:44:25 GMT-3
Do you have any access-list config? Post the entire router config excluding any sensitive info.
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
________________________________________
From: cejackson1@comcast.net [mailto:cejackson1@comcast.net]
Sent: Friday, December 16, 2005 1:35 PM
To: Brian McGahan; ccielab@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: RE: Static NAT
yeh, i had looked at that earlier and no response.
One thing from customer LAN on 192.168.1.0 network he can connect to the 192.168.1.15..
cecil
-------------- Original message --------------
From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> Traceroute is not a good indication as it is (usually) UDP based. Telnet to
> 70.232.137.178 at port 80, 70.232.137.180 at port 5900, and 70.232.137.179 at
> port 5901 and see if you get an open connection.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
> ________________________________________
> From: cejackson1@comcast.net [mailto:cejackson1@comcast.net]
> Sent: Friday, December 16, 2005 1:14 PM
> To: Brian McGahan; ccielab@groupstudy.com
> Cc: ccielab@groupstudy.com
> Subject: RE: Static NAT
>
> when I traceroute from outside, the trace stops on the routes.
>
> Sometimes the translations does show the translations.
>
> Customer these devices behind a DMZ at some of his other locations, should these
> ips behind DMS on this router. it is a cisco 1721
>
>
> tcp 70.232.137.178:80 192.168.1.15:80 68.90.107.195:1241 68.90.107.195:1241
>
> -------------- Original message --------------
> From: "Brian McGahan"
>
> > What's the problem then? These are your static entries:
> >
> > Pro Inside global Inside local Outside local Outside global
> > tcp 70.232.137.178:80 192.168.1.15:80 --- ---
> > tcp 70.232.137.180:5900 192.168.1.99:5900 --- ---
> > tcp 70.232.137.179:5901 192.168.1.98:5901 --- ---
> >
> > Have you tried to reach these hosts from the outside?
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> > ________________________________________
> > From: cejackson1@comcast.net [mailto:cejackson1@comcast.net]
> > Sent: Friday, December 16, 2005 12:35 PM
> > To: Brian McGahan; ccielab@groupstudy.com
> > Cc: ccielab@groupstudy.com
> > Subject: RE: Static NAT
> >
> >
> >
> > abscom64#sh ip nat translations
> > Pro Inside global Inside local Outside local Outside global
> > udp 70.232.137.183:1028 192.168.1.84:1028 216.133.229.54:3527
> 216.133.229.54:352
> > 7
> > tcp 70.232.137.183:1075 192.168.1.84:1075 216.133.229.54:1433
> 216.133.229.54:143
> > 3
> > tcp 70.232.137.178:80 192.168.1.15:80 --- ---
> > tcp 70.232.137.183:1047 192.168.1.84:1047 65.169.19.139:80 65.169.19.139:80
> > tcp 70.232.137.183:1500 192.168.1.84:1500 216.133.229.54:1801
> 216.133.229.54:180
> > 1
> > tcp 70.232.137.183:1502 192.168.1.84:1502 216.133.229.54:1801
> 216.133.229.54:180
> > 1
> > udp 70.232.137.183:1028 192.168.1.84:1028 64.42.224.193:3527
> 64.42.224.193:3527
> > tcp 70.232.137.183:1499 192.168.1.84:1499 64.42.224.193:1801
> 64.42.224.193:1801
> > tcp 70.232.137.183:1501 192.168.1.84:1501 64.42.224.193:1801
> 64.42.224.193:1801
> > tcp 70.232.137.183:1503 192.168.1.84:1503 64.42.224.193:1801
> 64.42.224.193:1801
> > tcp 70.232.137.180:5900 192.168.1.99:5900 --- ---
> > tcp 70.232.137.179:5901 192.168.1.98:5901 --- ---
> > abscom64#
> >
> > -------------- Original message --------------
> > From: "Brian McGahan"
> >
> > > You can do both at the same time. Post the "show ip nat translations"
> > > output.
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987 x 705
> > > Outside US: 775-826-4344 x 705
> > > 24/7 Support: http://forum.internetworkexpert.com
> > > Live Chat: http://www.internetworkexpert.com/chat/
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > > Of
> > > > cejackson1@comcast.net
> > > > Sent: Friday, December 16, 2005 12:17 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Static NAT
> > > >
> > > > if i have the inside nat statement on e0/0 and out side on s0/0
> > > >
> > > > the nat pool is working but the static entries are not?
> > > >
> > > > suggestion
> > > >
> > > >
> > > > ip nat pool paauto 70.232.137.181 70.232.137.190 netmask
> > > 255.255.255.240
> > > > ip nat inside source list 121 pool paauto overload
> > > >
> > > > ip nat inside source static tcp 192.168.1.98 5901 70.232.137.179 5901
> > > > extendable
> > > > ip nat inside source static tcp 192.168.1.99 5900 70.232.137.180 5900
> > > > extendable
> > > > ip nat inside source static tcp 192.168.1.15 80 70.232.137.178 80
> > > > extendable
> > > >
> > > > ip classless
> > > > ip route 0.0.0.0 0.0.0.0 70.255.44.177
> > > > ip http server
> > > > !
> > > > access-list 121 permit ip 192.168.1.0 0.0.0.255 any
> > > > !
> > > >
> > > >
> > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3