it is common practice to test ACLs against, say, port 80 using telnet...
however...
R1#telnet 200.1.1.3 80
Trying 200.1.1.3, 80 ...
% Connection refused by remote host
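...this is not the desired result, since nothing is listening on port 80 on the target...
a quick fix for this is adding ip http server to the target router/switch (this turns on the device's HTTP server, so turn it back off once the test is done)...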
R3(config)#ip http server
R1#telnet 200.1.1.3 80
Trying 200.1.1.3, 80 ... Open
this proves port 80 traffic gets through...
and in the case of NAT...
R2#
*Dec 7 05:48:10.709: NAT: Entry assigned id 13
*Dec 7 05:48:10.709: NAT*: TCP s=64977->1024, d=80
*Dec 7 05:48:10.709: NAT*: s=192.168.1.1->192.168.1.10, d=200.1.1.3 [22997]
*Dec 7 05:48:10.717: NAT*: TCP s=80, d=1024->64977
*Dec 7 05:48:10.717: NAT*: s=200.1.1.3, d=192.168.1.10->192.168.1.1 [28559]
*Dec 7 05:48:10.721: NAT*: TCP s=64977->1024, d=80
*Dec 7 05:48:10.721: NAT*: s=192.168.1.1->192.168.1.10, d=200.1.1.3 [22998]
*Dec 7 05:48:10.725: NAT*: TCP s=64977->1024, d=80
*Dec 7 05:48:10.725: NAT*: s=192.168.1.1->192.168.1.10, d=200.1.1.3 [22999]
note the destination port...
R2#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.1.10:1024  192.168.1.1:64977  200.1.1.3:80       200.1.1.3:80
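
The debug lines and the translation table above describe the same flow. As an added example (not part of the original post), this Python sketch pairs each port line with its address line and rebuilds the table entry, so the port 80 test can be checked from a saved debug capture. It assumes `a->b` in the debug output means a value rewritten from a to b, which is how the table above reads; the function and variable names are made up for the example.

```python
import re

# First outbound packet and its reply, copied from the debug output above.
DEBUG_LINES = """\
*Dec 7 05:48:10.709: NAT*: TCP s=64977->1024, d=80
*Dec 7 05:48:10.709: NAT*: s=192.168.1.1->192.168.1.10, d=200.1.1.3 [22997]
*Dec 7 05:48:10.717: NAT*: TCP s=80, d=1024->64977
*Dec 7 05:48:10.717: NAT*: s=200.1.1.3, d=192.168.1.10->192.168.1.1 [28559]
""".splitlines()

PORTS = re.compile(r"NAT\*?: (TCP|UDP) s=(\S+), d=(\S+)")
ADDRS = re.compile(r"NAT\*?: s=(\S+), d=(\S+) \[\d+\]")


def split(field):
    """'a->b' is a rewritten value (before, after); a plain 'a' is unchanged."""
    before, _, after = field.partition("->")
    return before, after or before


def translations(lines):
    """Pair each port line with the address line that follows it and return
    the set of (proto, inside_global, inside_local, outside) entries."""
    entries, pending = set(), None
    for line in lines:
        m = PORTS.search(line)
        if m:
            pending = (m.group(1).lower(), split(m.group(2)), split(m.group(3)))
            continue
        m = ADDRS.search(line)
        if m and pending:
            proto, sport, dport = pending
            saddr, daddr = split(m.group(1)), split(m.group(2))
            if saddr[0] != saddr[1]:  # source rewritten: packet leaving the inside
                local, glob = (saddr[0], sport[0]), (saddr[1], sport[1])
                out = (daddr[0], dport[0])
            else:                     # destination rewritten: reply coming back
                glob, local = (daddr[0], dport[0]), (daddr[1], dport[1])
                out = (saddr[0], sport[0])
            entries.add((proto, "%s:%s" % glob, "%s:%s" % local, "%s:%s" % out))
            pending = None
    return entries


if __name__ == "__main__":
    for entry in sorted(translations(DEBUG_LINES)):
        print("%-4s%-21s%-20s%s" % entry)
```

Both directions of the flow collapse into a single entry whose outside address ends in :80, matching the `sh ip nat trans` line.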