
Issue with NAT in Cisco 831

Q: We just added another XP computer to our network and would like to access it using Remote Desktop from the Internet. So, we added this line in the Cisco 831 router.
ip nat outside source static tcp x.x.x.71 3389 172.16.5.2 3389 extendable

or SDM configuration.

But the user could not access it using RDP from the Internet and he received the IP conflict message. What's wrong with the Cisco router configuration?

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 831
!
clock timezone America/Chicago -6
clock summer-time America/Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
ip domain name cisco.com
ip name-server 4.2.2.1
ip dhcp excluded-address 172.16.5.1 172.16.5.9
ip dhcp excluded-address 172.16.5.51 172.16.5.254
!
ip dhcp pool sdm-pool1
network 172.16.5.0 255.255.255.0
default-router 172.16.5.1
dns-server 4.2.2.1
!
!
no ip bootp server
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 ftp
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 netshow
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 smtp
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 tftp
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 icmp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
interface Ethernet0
description $FW_INSIDE$$ETH-LAN$
ip address 172.16.5.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no cdp enable
!
interface Ethernet1
description $FW_OUTSIDE$$ETH-WAN$
ip address x.x.x.70 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect sdm_ins_in_100 in
duplex auto
no cdp enable
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat outside source static tcp x.x.x.70 3389 172.16.5.11 3389 extendable
ip nat outside source static tcp x.x.x.71 3389 172.16.5.2 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.1 permanent
ip http server
ip http authentication local
ip http secure-server
!
access-list 1 permit 172.0.0.0 0.255.255.255
no cdp run
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
!
end

A: Modify these lines to

ip nat inside source static tcp 172.16.5.13 3389 192.168.10.70 3389 extendable

ip nat inside source static tcp 172.16.5.13 3389 192.168.10.71 3389 extendable

Or this is correct SDM configuration.
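
The check below is an added example, not part of the original answer or the site's own code. It flags "ip nat outside source static" entries whose local address sits on an "ip nat inside" interface, the pattern in the question's config, and returns the "ip nat inside source static" form built from the same addresses. The function names are hypothetical, and the sample is an excerpt of the question's config with its masked x.x.x addresses.

```python
import ipaddress
import re

# Excerpt of the question's config, addresses masked (x.x.x) as on the page.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 172.16.5.1 255.255.255.0
 ip nat inside
interface Ethernet1
 ip address x.x.x.70 255.255.255.0
 ip nat outside
ip nat outside source static tcp x.x.x.70 3389 172.16.5.11 3389 extendable
ip nat outside source static tcp x.x.x.71 3389 172.16.5.2 3389 extendable
"""

OUTSIDE_STATIC_RE = re.compile(r"^[ \t]*ip nat outside source static (tcp|udp) "
                               r"(\S+) (\d+) (\S+) (\d+)( extendable)?[ \t]*$", re.M)


def inside_networks(config):
    """Subnets of the interfaces that carry 'ip nat inside'."""
    nets, current = [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = None
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            try:
                current = ipaddress.ip_network("/".join(m.groups()), strict=False)
            except ValueError:
                current = None  # masked address such as x.x.x.70
        elif line == "ip nat inside" and current is not None:
            nets.append(current)
    return nets


def reversed_static_nat(config):
    """Return (offending line, suggested 'inside source' rewrite) pairs."""
    lan, findings = inside_networks(config), []
    for m in OUTSIDE_STATIC_RE.finditer(config):
        proto, glob, gport, local, lport, ext = m.groups()
        try:
            on_lan = any(ipaddress.ip_address(local) in n for n in lan)
        except ValueError:
            continue  # masked or malformed address, nothing to compare
        # LAN host in the 'outside source' local slot: a port forward was intended.
        if on_lan:
            findings.append((m.group(0).strip(), f"ip nat inside source static "
                             f"{proto} {local} {lport} {glob} {gport}{ext or ''}"))
    return findings
```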


  This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.