Re: Ip services questions

From: secondie (secondie@gmail.com)
Date: Thu Jul 27 2006 - 11:02:57 ART

Here is the working config/scenario for NAT:

(PC )10.1.1.1.2 ---- 10.1.1.1 (R1) -- 1.1.1.1 ------1.1.1.2 (R2)

PC goes to 1.1.1.100 port 80 for telnet.

hostname R1
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 1.1.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 1.1.1.2 23 1.1.1.100 80 extendable no-alias
ip http server
no ip http secure-server
ip classless

 From my pc at 10.1.1.2

telnet 1.1.1.100 80
User Access Verification

Password:
R2> << ========= WORKS !!!!!

And the debugs:

R1#debug ip nat
IP NAT debugging is on
R1#
R1#
R1#
*Mar 1 00:29:43.255: NAT: TCP s=2023, d=80->23
*Mar 1 00:29:43.255: NAT: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9672]
*Mar 1 00:29:43.259: NAT: TCP s=23->80, d=2023
*Mar 1 00:29:43.259: NAT: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [0]
*Mar 1 00:29:43.259: NAT*: TCP s=2023, d=80->23
*Mar 1 00:29:43.259: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9673]
*Mar 1 00:29:43.267: NAT*: TCP s=23->80, d=2023
*Mar 1 00:29:43.267: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [1]
*Mar 1 00:29:43.267: NAT*: TCP s=2023, d=80->23
*Mar 1 00:29:43.267: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9674]
*Mar 1 00:29:43.271: NAT*: TCP s=23->80, d=2023
*Mar 1 00:29:43.271: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [2]
*Mar 1 00:29:43.275: NAT*: TCP s=2023, d=80->23
*Mar 1 00:29:43.275: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9675]
*Mar 1 00:29:43.275: NAT*: TCP s=23->80, d=2023
*Mar 1 00:29:43.275: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [3]
*Mar 1 00:29:43.279: NAT*: TCP s=2023, d=80->23
*Mar 1 00:29:43.279: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9676]
*Mar 1 00:29:43.483: NAT*: TCP s=23->80, d=2023
*Mar 1 00:29:43.483: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [4]
R1#un all
All possible debugging has been turned off

HTH
-firstie

Ivan wrote:

>> Q3:
>> How can I make a connection to <IP1> TCP port 80 being redirected to <IP2>
>> TCP port 23 to access the router CLI?
>>
>
> This can be achieved with static NAT.

This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART