Hi Joe,
You should have the 'outside' keyword to make Outside NAT work:
nat (outside) 1 access-list CT-DYN-POLICY-NAT outside
More hints:
- ensure you have telnet access to 66.236.14.229 allowed in outside ACL
- you do not need Virtual Telnet, your clients will be automatically asked
for authentication while connecting to 66.236.14.229
- this command 'ASA(config)# global (inside) 1 66.236.14.229' does not make
any sense
- you can use Outside PAT in this case, so instead you can use a command like
'global (in) 1 interface'
HTH
Regards,
--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com <http://www.micronicstraining.com/>
blog: www.ccie1.com

If you can't explain it simply, you don't understand it well enough - Albert Einstein

2012/7/30 Joe Sanchez <marco207p_at_gmail.com>

> All,
>
> I've been breaking my head on this one for a while, and frankly I'm just
> out of ideas on how to get this to work. Please see if you have seen this
> done before, or if it's just impossible to do.
>
> I have a telnet server on the inside of the network with the IP address of
> 192.168.41.160, I want to allow users from the outside to telnet to this
> server but they must be source NAT'd to a dynamic range I have chosen so
> that I can monitor and authenticate each user that is telnetting to this
> server from the outside. So, I've created a Virtual Telnet on the ASA, and
> I can get the users to authenticate to the ASA virtual telnet server, but I
> cannot get the users to hit a dynamic NAT and reach the internal Telnet
> server... When a user authenticates, their session just dies.
>
> Any help.... I can attach a Visio and below is some of the configurations
> I've done without any luck other than what is posted above.
>
> 1). ASA(config)# virtual telnet 66.236.14.229
> 2). ASA(config)# access-list CT-DYN-POLICY-NAT extended permit tcp any gt 1024 host 66.236.14.229 eq telnet
> 3). ASA(config)# static (inside,outside) 66.236.14.229 192.168.41.9 netmask 255.255.255.255
> 4). ASA(config)# access-list CT-PROXY-AUTH extended permit tcp any host 66.234.14.229 eq telnet
> 5). ASA(config)# aaa authentication match CT-PROXY-AUTH outside LOCAL
> 6). ASA(config)# nat (outside) 1 access-list CT-DYN-POLICY-NAT
> ASA(config)# global (inside) 1 66.236.14.229
> ASA(config)# global (inside) 1 192.168.41.150-192.168.41.160
>
> Thanks,
> Joe Sanchez
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Sun Aug 05 2012 - 20:17:02 ART
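
Added example, not part of the original thread and not code from either poster or from Cisco: a small Python check that reads pre-8.3 style nat/global statements like the ones quoted above and reports any nat statement that translates from a lower-security to a higher-security interface without the 'outside' keyword. The function name lint_outside_nat and the security levels (inside 100, outside 0) are assumptions; the two sample configurations are constructed from the commands in the thread.

```python
import re

# Assumption: default ASA security levels for these interface names.
SECURITY_LEVEL = {"inside": 100, "outside": 0}
PROMPT = re.compile(r"^\S*\(config\)#\s*")      # strips e.g. "ASA(config)# "
NAT = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL = re.compile(r"^global \((\S+)\) (\d+) ")

# Constructed samples: the statements as posted, and with the suggested keyword.
POSTED = """ASA(config)# nat (outside) 1 access-list CT-DYN-POLICY-NAT
ASA(config)# global (inside) 1 192.168.41.150-192.168.41.160"""
CORRECTED = """nat (outside) 1 access-list CT-DYN-POLICY-NAT outside
global (inside) 1 192.168.41.150-192.168.41.160"""

def lint_outside_nat(config):
    """Return one finding per nat statement that lacks a required 'outside'."""
    nats, pools = [], {}
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = NAT.match(line)
        if m:
            nats.append((m.group(1), m.group(2), m.group(3).split()))
            continue
        m = GLOBAL.match(line)
        if m:  # remember which interfaces hold a pool for this nat id
            pools.setdefault(m.group(2), set()).add(m.group(1))
    findings = []
    for ifc, nat_id, args in nats:
        if nat_id == "0":  # nat 0 (identity NAT / exemption) uses no global pool
            continue
        # Options follow "access-list NAME" or "ADDRESS [MASK]"; skipping the
        # source spec keeps an ACL that happens to be named "outside" from matching.
        options = args[2:] if args[0] == "access-list" else args[1:]
        src = SECURITY_LEVEL.get(ifc)
        for pool_ifc in sorted(pools.get(nat_id, ())):
            dst = SECURITY_LEVEL.get(pool_ifc)
            if src is None or dst is None or pool_ifc == ifc:
                continue  # unknown interface or same-interface pool: not judged here
            if src < dst and "outside" not in options:
                findings.append(f"nat ({ifc}) {nat_id}: pool on ({pool_ifc}) has a "
                                "higher security level; add the 'outside' keyword")
                break
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, lint_outside_nat(cfg) or "ok")
```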