I have a GNS3 LAB with 3 routers.
I am trying to do a reversible NAT for several thousand ports to the server (R1) for this purpose. I try to telnet from R3 to R1 on any port (let's say 80 in this instance). I have an ACL (outside-in) set up on the interface of R2 to log the traffic, and I see that a packet goes through on port "0".
Why do we have a packet showing up on port 0 when I telnet to port 80?

!
!
R2#ip nat inside source static 1.1.1.1 63.175.69.29 route-map inbound reversible
route-map inbound permit 10
 match ip address nat
!
route-map inbound deny 20
!
ip access-list extended nat
 permit tcp any eq www any
 permit tcp any range 60000 64999 any log
 deny tcp any any log
!
!
R3# telnet 63.175.69.29 80
!(unless the ACL has permit any any, I get rejected, (Below))
R2#
*Mar 1 00:44:35.771: %SEC-6-IPACCESSLOGP: list outside-in permitted tcp 34.34.34.4(0) -> 63.175.69.29(0), 1 packet
R2#
R2#
*Mar 1 01:48:26.051: NAT(acl): name nat failed

When coming from inside, the nat works, and the first packet shows the correct port.

R2#*Mar 1 00:57:02.879: %SEC-6-IPACCESSLOGP: list nat permitted tcp 1.1.1.1(61804) -> 3.3.3.3(80), 1 packet

When coming from outside, the nat doesn't work, I think because the first packet shows the incorrect port (0).

R3#telnet 63.175.69.29 80 /source Loopback0
R2(config-ext-nacl)#*Mar 1 00:49:32.051: %SEC-6-IPACCESSLOGP: list nat permitted tcp 1.1.1.1(0) -> 3.3.3.3(0), 1 packet

Thanks, Crzzy1