PAT not working :-(

Hi Guys,

I have an 831 Cisco router that will not translate ports correctly :-/. I can forward some ports but it will refuse to forward others. I can forward port 516 but I can't forward 515 for some strange reason. I did some sniffing while trying to forward port 23 to my computer and all I got was SYN, SYN/ACK and then a RST, so I could not connect on the telnet machine. Here is my config:

Any thoughts on why it will not forward certain ports or where to continue troubleshooting? I'm stumped! Thanx!

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
enable secret 5
enable password
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.1.1 192.168.1.15
ip dhcp excluded-address 192.168.1.10
!
ip dhcp pool red-interna
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 209.205.195.68
 netbios-name-server 192.168.1.10
 netbios-node-type h-node
 lease 2
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
no crypto isakmp enable
!
!
interface Ethernet0
 description Red_Interna
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no cdp enable
!
interface Ethernet1
 description Internet
 ip address 209.205.222.50 255.255.255.248
 ip nat outside
 no cdp enable
!
ip nat inside source list 101 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.10 80 209.205.222.50 80 extendable
ip nat inside source static tcp 192.168.1.13 5900 209.205.222.50 5919 extendable
ip nat inside source static tcp 192.168.1.7 515 209.205.222.50 516 extendable
ip nat inside source static tcp 192.168.1.7 515 209.205.222.50 515 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 209.205.222.49
no ip http server
no ip http secure-server
!
access-list 101 permit ip any any
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
access-list 103 permit tcp 0.0.0.205 255.255.255.0 eq telnet any
snmp-server enable traps tty
no cdp run
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 120 0
 password Hercules9
 login
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end

Reply to
Laughing Man
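As an added example (not part of the original thread or any poster's code), this Python script lints a few lines of the configuration posted above for items worth reviewing: ACL entries whose mask field looks like a subnet mask rather than an IOS wildcard, one inside socket published on several outside ports, and a cleartext vty password with every transport allowed. The function names, finding labels and the placeholder password are assumptions, and the findings are review prompts rather than a diagnosis of the forwarding fault.

```python
import ipaddress
import re
from collections import defaultdict

# Lines from the configuration posted above; the vty password is a placeholder.
SAMPLE = """\
no service password-encryption
ip nat inside source static tcp 192.168.1.10 80 209.205.222.50 80 extendable
ip nat inside source static tcp 192.168.1.7 515 209.205.222.50 516 extendable
ip nat inside source static tcp 192.168.1.7 515 209.205.222.50 515 extendable
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
access-list 103 permit tcp 0.0.0.205 255.255.255.0 eq telnet any
line vty 0 4
 password PLACEHOLDER
 transport input all
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
NAT_RE = re.compile(rf"ip nat inside source static (tcp|udp) {QUAD} (\d+) {QUAD} (\d+)")

def looks_like_netmask(quad):
    """True for contiguous-ones masks such as 255.255.255.0 (not all-zeros or all-ones)."""
    m = int(ipaddress.IPv4Address(quad))
    inv = ~m & 0xFFFFFFFF
    return m not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

def audit(config):
    findings, by_inside = [], defaultdict(set)
    for line in config.splitlines():
        nat = NAT_RE.match(line)
        if nat:
            proto, in_ip, in_port, _out_ip, out_port = nat.groups()
            by_inside[(proto, in_ip, in_port)].add(out_port)
        elif line.startswith("access-list "):
            # IOS ACLs take "address wildcard"; a netmask there inverts the compared bits.
            for _addr, mask in re.findall(rf"{QUAD} {QUAD}", line):
                if looks_like_netmask(mask):
                    findings.append(f"ACL-MASK: {line}")
        elif re.match(r"\s+password \S+", line) and "no service password-encryption" in config:
            findings.append("PLAINTEXT-PASSWORD: line password stored unencrypted")
        elif line.strip() == "transport input all":
            findings.append("VTY-TELNET: vty accepts every transport, including telnet")
    for (proto, ip, port), outs in by_inside.items():
        if len(outs) > 1:
            findings.append(f"NAT-DUP: {proto} {ip}:{port} -> outside ports {sorted(outs, key=int)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```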

I may be wrong here, but you do have the PAT translation configured, but I do not see any ACL enabled on any interface. Just because you have a PAT configured you will still need an ACL to match that traffic.

HTH

Reply to
Smokey

Hi, thanks!

You're right, I don't have any ACLs. But why would I need one? I thought I would need ACLs if I need to limit or filter packets. Won't the packets on the ports specified in the PAT config lines get automatically forwarded without the need for an additional ACL? Other ports (80, 516, 5919) are already being forwarded properly without any other ACL. It's just port 23 and 515 I've seen problems with.

Any thoughts?


Reply to
Laughing Man

The PAT config just takes care of the translation. You still have to permit the traffic with an ACL.

Chris.

Reply to
chris

Try being more specific on your PAT translation ACL ... it might work better.

access-list 101 deny tcp host 192.168.1.10 any eq 80
access-list 101 deny tcp host 192.168.1.13 any eq 5900
access-list 101 deny tcp host 192.168.1.7 any eq 515
access-list 101 permit ip 192.168.1.0 0.0.0.255 any

::hack.bac::

P.S. >> The "service password-encrypti

Reply to
hack.bac
