Solved: One to One NAT and Telnet Access

Zayar Win · ‎09-09-2015

I have installed my VOIP Device in LAN network with 192.168.X.X / 24 and I do one to one mapping with one Public IP (X.X.X.X /32) in ASA to get access form internet. Now I can ping from outside. But I can access telnet port 23. I am sure my VOIP device can be login telnet to Private IP in the LAN. But when I access from Internet I can't.....

What is the issue? How can I check?

Thanks you all

Andres Vega · ‎09-10-2015

Zayar,

I think your problem is due to security levels. And you have to permit incoming traffic from any ip adress to the public ip on port 23

Have you placed a capture on the outside interface in order to know if telnet is being dropped due to an access-list? If not, please proceed to do it, and provide us with the outputs, in addition provide outputs for packet-tracert command and show logs matching public ip address

Capture syntax:

Capture 《capture name》 interface 《interface name》match ip host any host 《public ip address》 eq 23

Packet tracert command

Packet-tracert input 《outside interface》 tcp 《any public ip address》《any random port》《NATed ip address》 23

E.g

1.1.1.1 is the NATed ip address

Packet-tracert input outside tcp 8.8.8.8 12345 1.1.1.1 23

Make sure logs are enabled and provide outputs for below command

Show log | inc 《public ip address》

View solution in original post

Andres Vega · ‎09-10-2015