One to One NAT and Telnet Access

Zayar Win
Level 1

I have installed my VOIP device in the LAN network with 192.168.X.X/24 and I did a one-to-one mapping with one public IP (X.X.X.X/32) in the ASA to get access from the Internet. Now I can ping from outside. But I can access telnet port 23. I am sure my VOIP device can be logged in to by telnet on its private IP in the LAN. But when I access it from the Internet I can't.

What is the issue? How can I check?

Thank you all

 

Accepted Solutions

Andres Vega
Cisco Employee

Zayar,

I think your problem is due to security levels. You also have to permit incoming traffic from any IP address to the public IP on port 23.

Have you placed a capture on the outside interface in order to know if telnet is being dropped due to an access-list? If not, please proceed to do it and provide us with the outputs. In addition, provide the outputs of the packet-tracer command and of show log matching the public IP address.

Capture syntax:

capture <capture name> interface <interface name> match tcp any host <public ip address> eq 23

Packet-tracer command:

packet-tracer input <outside interface> tcp <any public ip address> <any random port> <NATed ip address> 23

E.g., where 1.1.1.1 is the NATed IP address:

packet-tracer input outside tcp 8.8.8.8 12345 1.1.1.1 23

Make sure logs are enabled and provide the output of the command below:

show log | inc <public ip address>
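
An added example, not part of the original reply: a small Python helper that reads saved packet-tracer output and reports the first phase that dropped the packet, which separates an access-list drop from a NAT problem at a glance. The sample trace is constructed for illustration; the object name VOIP and the address 192.168.1.10 are assumptions, and 1.1.1.1 is the reply's example NATed address.

```python
import re

# Constructed sample shaped like ASA packet-tracer output; not taken from the thread.
SAMPLE = """\
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network VOIP
 nat (inside,outside) static 1.1.1.1
Additional Information:
Untranslate 1.1.1.1/23 to 192.168.1.10/23

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: outside
output-interface: inside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_trace(text):
    """Split packet-tracer output into per-phase fields plus the final verdict."""
    head, _, tail = text.partition("\nResult:\n")  # bare "Result:" starts the summary
    phases = []
    for block in re.split(r"(?m)^Phase:\s*", head)[1:]:
        fields = dict(re.findall(r"(?m)^(Type|Subtype|Result):[ \t]*(.*)$", block))
        phases.append({"phase": int(block.split()[0]), **fields})
    final = dict(re.findall(r"(?m)^([\w-]+):[ \t]*(.*)$", tail))
    return phases, final

def first_drop(text):
    """Return (phase number, phase type, drop reason) for the first DROP, else None."""
    phases, final = parse_trace(text)
    for p in phases:
        if p.get("Result", "").upper() == "DROP":
            return p["phase"], p["Type"], final.get("Drop-reason", "")
    return None

if __name__ == "__main__":
    print(first_drop(SAMPLE))
```

A drop in an ACCESS-LIST phase points at the missing permit rule mentioned in the reply; a drop in a NAT phase points at the one-to-one mapping instead.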
