Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CIsco 1720 NAT - Map port to inside server?

Status
Not open for further replies.
ybym

ybym

Programmer
Apr 23, 2002
7
0
0
MX
I am trying to configure a Cisco 1720 using NAT (which is working) to allow access from the outside to an inside FTP server (which is not working).

My config looks like this:

interface FastEthernet 0
ip address 192.168.0.2 255.255.255.0
ip nat inside
keepalive 10

interface Serial 0.1 point-to-point
ip address xx.xx.xx.xx xx.xx.xx.xx
ip nat outside

access-list 1 permit 192.168.0.0 0.0.0.255
ip nat inside source static tcp 192.168.0.4 20 65.217.197.86 20 extendable

According to everything I've seen (over the last three days <g>), this should be working.

Any tips greatly appreciated,

Bob M..
 
Sort by date Sort by votes
Thanks Alain. I added:

ip nat inside source static tcp 192.168.0.4 21 xx.xx.xx.xx 21 extendable

But still no luck. According to the document you pointed to, I should at least be able to connect to the ftp server. However, I get a 'connection refused' error message.

tia,

Bob M..
 
Upvote 0 Downvote
Does it work when you map ext. to int. address without putting the ports (eg. open for all ports)?

I also miss some config. lines, eg.:

For example when using multiple public addresses:
ip nat pool net-0 <public start-addr.> <public end address> netmask <mask>
ip nat inside source list 1 pool net-0
access-list 1 permit <private Subnet> <wildcard mask>
ip nat inside source static <private addr.> <public addr.>

Or if you have only one public address (as in your case most probably):
ip nat inside source list 1 interface Serial0.1 overload
access-list 1 permit <private Subnet> <wildcard mask>
ip nat inside source static <private addr.> <public addr.>
 
Upvote 0 Downvote
Alain,

Looks like I had it right all along. When I used a dialup account to check, it works perfectly.

It doesn't look like I'm allowed to access the external address from an internal address. No big deal at this point, but I've ordered the Cisco in a Nutshell just in case.

Thanks again,

Bob M..
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
120
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
106
madwok
madwok
Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
71
Zero6
Zero6
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
123
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
110
Hayden09
Hayden09

Part and Inventory Search

Sponsor

Back
Top