handlepascal
Technical User
Hi!
I wanted to modify a well-configured (I suppose) 827 to NAT the public port 5900 (VNC) to port 5900 of 10.158.188.45 (for example). I found in this forum that I could do:
ip nat inside source static 10.158.188.45 5900 interface Dialer0 5900
but it is not working.
I suppose that the access list is blocking me, but I am completely useless with Cisco (and English); any help is welcome.
Using 2341 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname 981522952
!
logging queue-limit 100
enable secret 5 $1$TFgd$fTaGKUKW0X3UYCj0
!
username concesionarios password 7 045C1823jedd7e8fd
ip subnet-zero
no ip source-route
no ip domain lookup
ip name-server 195.235.113.3
ip name-server 195.235.96.90
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
no ip bootp server
ip reflexive-list timeout 900
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
interface Loopback0
no ip address
!
interface Ethernet0
ip address 10.158.188.253 255.255.255.0
no ip proxy-arp
ip nat inside
ip tcp adjust-mss 1452
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/32
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer0
mtu 1492
ip address negotiated
ip access-group filtrosdeentrada in
ip access-group filtrosdesalida out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap hostname OOXQRDHK@terradsl
ppp chap password 7 151D520E320F1C0270
ppp pap sent-username OOXFTPHK@terradsl password 7 151D560F35C3A0
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
!
!
ip access-list extended filtrosdeentrada
permit icmp host 192.101.1.73 any echo-reply
permit icmp host 192.101.1.106 any echo-reply
permit icmp host 192.101.1.126 any echo
permit tcp host 192.101.1.126 any eq telnet
permit tcp any eq ftp-data any
evaluate traficoip
deny ip any any log
ip access-list extended filtrosdesalida
permit ip any any reflect traficoip
access-list 1 permit 10.158.188.0 0.0.0.255
access-list 11 permit 192.101.1.126
access-list 11 permit 10.158.188.0 0.0.0.255
access-list 11 deny any log
access-list 23 permit 10.10.10.0 0.0.0.255
no cdp run
!
banner login ^CADVERTENCIA: El acceso no autorizado sera registrado y
rigurosamente perseguido^C
!
line con 0
login local
stopbits 1
line vty 0 4
access-class 11 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end
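Added example, not part of the original post: a first-match walk of the posted inbound ACL `filtrosdeentrada` for an unsolicited TCP connection to port 5900, next to a variant with one narrowly scoped permit. The public address (203.0.113.10), the client address (198.51.100.7) and the amended entry are constructed assumptions.

```python
# Added example (not from the post): first-match walk of filtrosdeentrada.
ACL = """\
permit icmp host 192.101.1.73 any echo-reply
permit icmp host 192.101.1.106 any echo-reply
permit icmp host 192.101.1.126 any echo
permit tcp host 192.101.1.126 any eq telnet
permit tcp any eq ftp-data any
evaluate traficoip
deny ip any any log"""
PORTS = {"telnet": 23, "ftp-data": 20}
FIELDS = ("src", "sport", "dst", "dport", "icmp")

def addr(tok):  # consume 'any' or 'host A.B.C.D'; None means any address
    return None if tok.pop(0) == "any" else tok.pop(0)

def port(tok):  # consume an optional 'eq <port>'; None means any port
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return int(PORTS.get(name, name))

def parse(line):  # handles only the entry forms that appear in this ACL
    tok = line.split()
    e = {"action": tok.pop(0), "proto": tok.pop(0)}
    e["src"], e["sport"], e["dst"], e["dport"] = addr(tok), port(tok), addr(tok), port(tok)
    e["icmp"] = tok[0] if tok and tok[0] != "log" else None
    return e

def evaluate(acl, pkt, reflexive=frozenset()):
    """Return (action, entry). `reflexive` holds (src, sport, dst, dport) flows
    that traficoip would contain: replies to sessions opened from inside."""
    for line in acl.splitlines():
        if line.startswith("evaluate"):
            if tuple(pkt.get(k) for k in FIELDS[:4]) in reflexive:
                return "permit", line
            continue
        e = parse(line)
        if e["proto"] in ("ip", pkt["proto"]) and all(
                e[k] in (None, pkt.get(k)) for k in FIELDS):
            return e["action"], line
    return "deny", "implicit deny"

# Constructed packet; the inbound ACL sees the public destination (before NAT).
VNC = {"proto": "tcp", "src": "198.51.100.7", "sport": 40000,
       "dst": "203.0.113.10", "dport": 5900}
# Hypothetical amendment: permit one known client ahead of the reflexive check.
AMENDED = ACL.replace("evaluate", "permit tcp host 198.51.100.7 any eq 5900\nevaluate")
```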