Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3254
Views
5
Helpful
6
Replies

UNABLE TO TELNET FROM OUTSIDE INTERFACE

Go to solution
isaaco001
Level 3
Level 3

‎03-02-2019 09:42 AM

Hi community,

I have tried this port forwarding  for some time now but i cant see why its not working, i have looked at some forums but still i keep getting errors like asymmetric nat. please assist.

am trying to telnet from an outside ip to inside router behind ASA.please find run config attached.

 

object network R3
nat (Inside-dmz,outside) static interface service tcp telnet telnet


access-group outside_access_in in interface outside

 

Thank you all!

Labels:
portf.txt
Preview file
9 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
venkat_n7
Level 1
Level 1
In response to isaaco001

‎03-03-2019 08:51 PM - edited ‎03-03-2019 09:02 PM

if you have to telnet from outside to inside, we do use nat'd IP of firewall to connect to inside host. from basics, try to telnet from your router 192.168.137.10 - to - firewall outside interface 192.168.137.1. Because you did PAT over firewall, so if you want to telnet router with ip 192.168.1.1 from 192.158.137.10 use NAT's IP which is 192.168.137.1 to get telnet access to 192.168.1.1 router.

 

HLaFcWrkQwSAGYVUOwMYpg_thumb_281.jpg

Please rate comments and support
with regards,
Venkat

View solution in original post

6 Replies 6

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-02-2019 08:06 PM

From a quick glance it looks ok. What does packet-tracer tell you? e.g.:

packet-tracer input outside tcp 8.8.8.8 1025 192.168.3.1 23
0 Helpful

Go to solution
isaaco001
Level 3
Level 3
In response to Marvin Rhoads

‎03-03-2019 06:46 AM

Hi Marvin,

Firstly, thanks for the reply.

I have continued working on it and made changes to the configuration to make things simpler. I just have two interface now inside and outside,but its essentially the same.

log from monitoring

5 Mar 03 2019 14:35:47 305013 192.168.137.10 32592 192.168.1.1 23 Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:192.168.137.10/32592 dst inside:192.168.1.1/23 denied due to NAT reverse path failure

 

Packet tracer indicates that there's a nat problem. in this lab, 192.168.137.10 represents "internet".

portf2.txt
Preview file
8 KB
0 Helpful

Go to solution
isaaco001
Level 3
Level 3
In response to Marvin Rhoads

‎03-03-2019 06:48 AM

This is the  packet tracer snapshot ,attached.

packett.PNG
Preview file
35 KB
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to isaaco001

‎03-03-2019 07:39 PM

Please share the nat and routing configuration stanzas. i.e., "show run nat" and "show run route".

0 Helpful

Go to solution
venkat_n7
Level 1
Level 1
In response to isaaco001

‎03-03-2019 08:51 PM - edited ‎03-03-2019 09:02 PM

if you have to telnet from outside to inside, we do use nat'd IP of firewall to connect to inside host. from basics, try to telnet from your router 192.168.137.10 - to - firewall outside interface 192.168.137.1. Because you did PAT over firewall, so if you want to telnet router with ip 192.168.1.1 from 192.158.137.10 use NAT's IP which is 192.168.137.1 to get telnet access to 192.168.1.1 router.

 

HLaFcWrkQwSAGYVUOwMYpg_thumb_281.jpg

Please rate comments and support
with regards,
Venkat

Go to solution
isaaco001
Level 3
Level 3
In response to venkat_n7

‎03-03-2019 10:55 PM

hi venkat_n7,

 

Thanks,this explains it!

 

Regards,

Isaac.

0 Helpful
Review Cisco Networking for a $25 gift card
Top