NAT Question

stevem
Level 1

Hello to all,

Just wanted to see if somebody out there with a keener eye than mine (OK, smarter too ;-) could look at this config and let me know whether the NAT statements look OK or not?

We are having trouble RDP'ing in to a remote office that has just added a Symantec firewall (prior to the firewall we had no problems connecting), and we can still RDP in anywhere else. But here is the output from the Symantec firewall that makes us think maybe it is our Cisco config:

Symantec LOG: Feb 22, 2005 09:10:06.031 AM CST eswfirewall.yyy.net pingd 2009 503 ALERT Reverse address does not match, so denied, Count=1, Source IP=xxx.136.124.162, Destination Name=xxx.250.135.1, Destination IP=0.0.0.0

We have had problems with our ISP and think that it may be them, but we know what their answer will be (not our fault, etc.), so please advise if you see anything that looks off; if it looks good, that will help us in building a case to look elsewhere. Thanks.

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname
!
no logging buffered
no logging console
enable secret xxxx
!
memory-size iomem 25
ip subnet-zero
no ip source-route
no ip finger
ip domain-name
!
!
!
interface Serial0
 description T1 to ISP
 ip address xxx.136.124.162 255.255.255.252
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 keepalive 5
 no fair-queue
 no cdp enable
!
interface FastEthernet0
 description LAN
 ip address xxx.250.135.1 255.255.255.240 secondary
 ip address 192.168.100.254 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 ip nat inside
 no cdp enable
!
ip nat inside source list 101 interface Serial0 overload
ip nat inside source static tcp 192.168.100.2 110 xxx.250.135.1 110 extendable
ip nat inside source static tcp 192.168.100.2 80 xxx.250.135.1 80 extendable
ip nat inside source static tcp 192.168.100.2 25 xxx.250.135.1 25 extendable
ip nat inside source static tcp 192.168.100.2 21 xxx.250.135.1 21 extendable
ip nat inside source static tcp 192.168.100.2 20 xxx.250.135.1 20 extendable
ip nat inside source static tcp 192.168.100.2 4125 xxx.250.135.1 4125 extendable
ip nat inside source static tcp 192.168.100.2 443 xxx.250.135.1 443 extendable
ip nat inside source static tcp 192.168.100.2 3389 xxx.250.135.1 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.136.124.161
no ip http server
!
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
no cdp run
!
line con 0
 password xxxx
 login
 transport input none
line aux 0
line vty 0 4
 password xxxx
 login
!
end
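An added example, not part of the original post and not Cisco tooling: a small Python model of the posted NAT statements that reports which source address a remote peer sees for traffic leaving Serial0, and which inside host an inbound connection reaches. It uses a trimmed copy of the config (addresses redacted as on the page) and assumes standard IOS behaviour, where a matching static entry takes precedence over the overload rule; the function names are hypothetical.

```python
import ipaddress

# Lines copied from the posted config; addresses stay redacted as on the page.
CONFIG = """\
interface Serial0
 ip address xxx.136.124.162 255.255.255.252
ip nat inside source list 101 interface Serial0 overload
ip nat inside source static tcp 192.168.100.2 25 xxx.250.135.1 25 extendable
ip nat inside source static tcp 192.168.100.2 3389 xxx.250.135.1 3389 extendable
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
"""

def parse_nat(config):
    """Collect static port maps, the overload rule and the ACL it references."""
    nat = {"static": {}, "acl": {}, "iface_ip": {}, "overload": None}
    iface = None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            iface = w[1]
        elif w[:2] == ["ip", "address"] and w[-1] != "secondary":
            nat["iface_ip"][iface] = w[2]
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            proto, lip, lport, gip, gport = w[5:10]
            nat["static"][(proto, lip, int(lport))] = (gip, int(gport))
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat["overload"] = (w[5], w[7])  # (ACL number, outside interface)
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            # IOS wildcard mask; ipaddress accepts it as a host mask
            net = ipaddress.ip_network(f"{w[4]}/{w[5]}")
            nat["acl"].setdefault(w[1], []).append(net)
    return nat

def outbound_source(nat, proto, src_ip, src_port):
    """Source address a remote peer sees for a packet leaving Serial0."""
    if (proto, src_ip, src_port) in nat["static"]:
        return nat["static"][(proto, src_ip, src_port)][0]  # static entry wins
    acl, iface = nat["overload"]
    if any(ipaddress.ip_address(src_ip) in n for n in nat["acl"].get(acl, [])):
        return nat["iface_ip"][iface]  # PAT to the interface address
    return src_ip  # not translated

def inbound_target(nat, proto, dst_ip, dst_port):
    """Inside host and port for a connection arriving from outside, or None."""
    for (p, lip, lport), (gip, gport) in nat["static"].items():
        if (p, gip, gport) == (proto, dst_ip, dst_port):
            return lip, lport
    return None

NAT = parse_nat(CONFIG)
```

For a connection initiated from a LAN host on an ephemeral port (for example the constructed host 192.168.100.50), `outbound_source` returns xxx.136.124.162, the same address the Symantec log reports as Source IP.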

2 Replies

mhussein
Level 4