Hello to all,
Just wanted to see if somebody out there with a keener eye than mine (OK, smarter too ;-) could look at this config and let me know whether the NAT statements look OK or not?
We are having trouble RDP'ing in to a remote office that has just added a Symantec firewall (prior to the firewall we had no problems connecting) and we can still RDP in anywhere else. BUT, here is the output from the Symantec firewall that makes us think maybe it is our Cisco config?
Symantec LOG: Feb 22, 2005 09:10:06.031 AM CST eswfirewall.yyy.net pingd 2009 503 ALERT Reverse address does not match, so denied, Count=1, Source IP=xxx.136.124.162, Destination Name=xxx.250.135.1, Destination IP=0.0.0.0
We have had problems with our ISP and think that it may be them, but we know what their answer will be (not our fault, etc.), so please advise if you see anything that looks off. If it looks good, that will help us in building a case to look elsewhere. Thanks.
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname
!
no logging buffered
no logging console
enable secret xxxx
!
memory-size iomem 25
ip subnet-zero
no ip source-route
no ip finger
ip domain-name
!
!
!
interface Serial0
 description T1 to ISP
 ip address xxx.136.124.162 255.255.255.252
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 keepalive 5
 no fair-queue
 no cdp enable
!
interface FastEthernet0
 description LAN
 ip address xxx.250.135.1 255.255.255.240 secondary
 ip address 192.168.100.254 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 ip nat inside
 no cdp enable
!
ip nat inside source list 101 interface Serial0 overload
ip nat inside source static tcp 192.168.100.2 110 xxx.250.135.1 110 extendable
ip nat inside source static tcp 192.168.100.2 80 xxx.250.135.1 80 extendable
ip nat inside source static tcp 192.168.100.2 25 xxx.250.135.1 25 extendable
ip nat inside source static tcp 192.168.100.2 21 xxx.250.135.1 21 extendable
ip nat inside source static tcp 192.168.100.2 20 xxx.250.135.1 20 extendable
ip nat inside source static tcp 192.168.100.2 4125 xxx.250.135.1 4125 extendable
ip nat inside source static tcp 192.168.100.2 443 xxx.250.135.1 443 extendable
ip nat inside source static tcp 192.168.100.2 3389 xxx.250.135.1 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.136.124.161
no ip http server
!
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
no cdp run
!
line con 0
 password xxxx
 login
 transport input none
line aux 0
line vty 0 4
 password xxxx
 login
!
end
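
The following is an added example, not part of the original post: it parses the NAT-relevant lines of the config above and reports which public address a session leaves the router with. The addresses are placeholders from documentation ranges because the post masks its own, and `parse_nat` and `outbound_source` are hypothetical helper names.

```python
import ipaddress

# Constructed copy of the NAT-relevant lines from the posted config. The post
# masks its public addresses, so placeholders are used (assumption):
# 198.51.100.162 stands in for Serial0, 203.0.113.1 for the FastEthernet0 secondary.
CONFIG = """\
interface Serial0
 ip address 198.51.100.162 255.255.255.252
interface FastEthernet0
 ip address 203.0.113.1 255.255.255.240 secondary
 ip address 192.168.100.254 255.255.255.0
ip nat inside source list 101 interface Serial0 overload
ip nat inside source static tcp 192.168.100.2 25 203.0.113.1 25 extendable
ip nat inside source static tcp 192.168.100.2 3389 203.0.113.1 3389 extendable
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
"""

def parse_nat(config):
    """Collect primary interface addresses, the overload rule, static forwards and ACL nets."""
    nat = {"primary": {}, "overload": None, "statics": {}, "acl": {}}
    iface = None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            iface = w[1]
        elif w[:2] == ["ip", "address"] and "secondary" not in w:
            nat["primary"][iface] = w[2]  # overload uses the primary address
        elif w[:5] == ["ip", "nat", "inside", "source", "list"] and "overload" in w:
            nat["overload"] = (w[5], w[7])  # (ACL number, outside interface)
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            nat["statics"][(w[5], w[6], int(w[7]))] = (w[8], int(w[9]))
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            net = ipaddress.ip_network(f"{w[4]}/{w[5]}")  # wildcard mask is accepted
            nat["acl"].setdefault(w[1], []).append(net)
    return nat

def outbound_source(nat, src_ip, src_port, proto="tcp"):
    """Public address a session from inside src_ip:src_port leaves the router with."""
    static = nat["statics"].get((proto, src_ip, src_port))
    if static:
        return static[0]  # a static port forward owns this inside ip:port
    acl, iface = nat["overload"]
    if any(ipaddress.ip_address(src_ip) in net for net in nat["acl"].get(acl, [])):
        return nat["primary"][iface]  # PAT to the outside interface address
    return None  # source not matched by any NAT rule

NAT = parse_nat(CONFIG)
```

For a session opened by an ordinary inside client the result is the Serial0 address, the same interface whose address appears as Source IP in the Symantec log line, while the static forwards publish the FastEthernet0 secondary address.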