Re: need to telnet to device inside FW from internet.

tmcmillion · ‎02-15-2002

I have a 1720 running 12.1(5) ip/fw ipsec and am overloading nat to the outside interface. I have a vendor on the outside that needs to be able to telnet to a server on private address space 172.16.0.0. Do I need to use a static NAT trans to this server? Is there someway to forward this telenet request to the server? Not sure how to handle this.

tepatel · ‎02-15-2002

YES..you need to use the static NAT mapping (actually its static PAT too) Lets say the outside ip address is 1.1.1.1 and inside network is 172.16.0.0 ( .1 to .4) then in order to telnet from outside to inside privet ip address, the PC which is on the internet has fo fire request for telnet not on the port 23 for 1.1.1.1 but on different ports statically. That ports are mapped to the port 23 on the inside ip addresses..like this

ip nat inside source static tcp 172.16.0.1 23 1.1.1.1 1023 extendable

ip nat inside source static tcp 172.16.0.2 23 1.1.1.1 2023 extendable

so forth

So if the router see the request for tcp port 1023 on ip address 1.1.1.1 (outside), it will conver that to port 23 on inside ip address 172.16.0.1.

But for that client side has to initiate the telnet request for port 1023 on ip 1.1.1.1 to get to 172.16.0.1..

Hope this helps.