RE: Ip services questions

From: Antonio Tassone (antonio.tassone@poste.it)
Date: Thu Jul 27 2006 - 11:38:56 ART

• Next message: Joe Rinehart: "RE: CCIE #16602"
• Previous message: James Ventre: "Re: Updated Lab"
• Maybe in reply to: Antonio Tassone: "Ip services questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ok, but what if traffic from your PC comes to R1 from the same interface you
reach R2 through?
  
 --- ip nat outside - R1 - ip nat inside ------ R2 ---- PC

I mean: if you can't know for sure where the telnet traffic will come from,
how can the NAT be used?

> -----Original Message-----
> From: secondie [mailto:secondie@gmail.com]
> Sent: giovedl 27 luglio 2006 16.03
> To: Ivan
> Cc: ccielab@groupstudy.com; Antonio Tassone
> Subject: Re: Ip services questions
>
> Here is the working config/scenario for NAT:
>
> (PC )10.1.1.1.2 ---- 10.1.1.1 (R1) -- 1.1.1.1 ------1.1.1.2 (R2)
>
> PC goes to 1.1.1.100 port 80 for telnet.
>
> hostname R1
> interface FastEthernet0/0
> ip address 10.1.1.1 255.255.255.0
> ip nat outside
> !
> interface FastEthernet0/1
> ip address 1.1.1.1 255.255.255.0
> ip nat inside
> !
> ip nat inside source static tcp 1.1.1.2 23 1.1.1.100 80
> extendable no-alias ip http server no ip http secure-server
> ip classless
>
>
> From my pc at 10.1.1.2
>
> telnet 1.1.1.100 80
> User Access Verification
>
> Password:
> R2> << ========= WORKS !!!!!
>
>
> And the debugs:
>
> R1#debug ip nat
> IP NAT debugging is on
> R1#
> R1#
> R1#
> *Mar 1 00:29:43.255: NAT: TCP s=2023, d=80->23 *Mar 1
> 00:29:43.255: NAT: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9672]
> *Mar 1 00:29:43.259: NAT: TCP s=23->80, d=2023 *Mar 1
> 00:29:43.259: NAT: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [0] *Mar
> 1 00:29:43.259: NAT*: TCP s=2023, d=80->23 *Mar 1
> 00:29:43.259: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9673]
> *Mar 1 00:29:43.267: NAT*: TCP s=23->80, d=2023 *Mar 1
> 00:29:43.267: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [1] *Mar
> 1 00:29:43.267: NAT*: TCP s=2023, d=80->23 *Mar 1
> 00:29:43.267: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9674]
> *Mar 1 00:29:43.271: NAT*: TCP s=23->80, d=2023 *Mar 1
> 00:29:43.271: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [2] *Mar
> 1 00:29:43.275: NAT*: TCP s=2023, d=80->23 *Mar 1
> 00:29:43.275: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9675]
> *Mar 1 00:29:43.275: NAT*: TCP s=23->80, d=2023 *Mar 1
> 00:29:43.275: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [3] *Mar
> 1 00:29:43.279: NAT*: TCP s=2023, d=80->23 *Mar 1
> 00:29:43.279: NAT*: s=10.1.1.2, d=1.1.1.100->1.1.1.2 [9676]
> *Mar 1 00:29:43.483: NAT*: TCP s=23->80, d=2023 *Mar 1
> 00:29:43.483: NAT*: s=1.1.1.2->1.1.1.100, d=10.1.1.2 [4]
> R1#un all All possible debugging has been turned off
>
> HTH
> -firstie
>
>
> Ivan wrote:
>
>
>
> >> Q3:
> >> How can I make a connection to <IP1> TCP port 80 being
> redirected to
> >> <IP2> TCP port 23 to access the router CLI?
> >>
> >
> > This can be achieved with static NAT.

• Next message: Joe Rinehart: "RE: CCIE #16602"
• Previous message: James Ventre: "Re: Updated Lab"
• Maybe in reply to: Antonio Tassone: "Ip services questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART