1
00:00:00,960 --> 00:00:08,460
Now, previously, when we typed show IP NAT translations, we only had inside local inside global

2
00:00:08,460 --> 00:00:11,100
one entry, that is the static entry.

3
00:00:11,940 --> 00:00:16,560
There's no outside local or outside global address because that's not being nattered.

4
00:00:17,590 --> 00:00:18,880
Let's try telnetting

5
00:00:20,020 --> 00:00:21,310
to 8.1.1.5.

6
00:00:22,780 --> 00:00:27,940
Notice it says password required, but none set and the connection was terminated.

7
00:00:29,340 --> 00:00:31,990
So on router 1 line VTY 0 to 5.

8
00:00:34,100 --> 00:00:41,690
Login password Cisco enable password Cisco.

9
00:00:42,780 --> 00:00:48,990
On Router 3, do the telnet again, notice I can log in to Router 1.

10
00:00:50,550 --> 00:00:59,370
When I now look at the net translations on rawData, you can see that there are multiple net translations

11
00:00:59,370 --> 00:00:59,720
here.

12
00:01:00,180 --> 00:01:09,650
We've got to tell net sessions and that may be because the other net translation hasn't timed out to

13
00:01:09,990 --> 00:01:11,310
all the net translations.

14
00:01:13,070 --> 00:01:15,620
Show IP net translation shows that one entry.

15
00:01:18,330 --> 00:01:26,400
We've got our next translation back again, so inside local of this IP address has got a telnet session,

16
00:01:26,400 --> 00:01:28,430
Port 23 going to it.

17
00:01:29,220 --> 00:01:33,660
So this router eight one one two is using an ephemeral port.

18
00:01:33,660 --> 00:01:39,930
In other words, a random port number to access router one on Port 23.

19
00:01:40,740 --> 00:01:47,940
Router three, however, is using this IP address to access this IP address on the outside Internet,

20
00:01:48,210 --> 00:01:54,060
which is then translated to this address internally, allowing router three to access router one.

21
00:01:54,540 --> 00:02:00,320
Now, there's no better way than looking at Wireshark to see what's actually going on.

22
00:02:00,810 --> 00:02:06,570
So I'll start Wireshark on router TS first Ethan interface.

23
00:02:07,320 --> 00:02:10,440
So I'm going to start Wireshark on this interface.

24
00:02:15,840 --> 00:02:21,570
I'm going to hit enter on router three, I noticed there's some telnet data now.

25
00:02:24,110 --> 00:02:32,000
So some telnet data from eight one one two to eight, one one five and eight one one five to eight one

26
00:02:32,000 --> 00:02:32,570
one two.

27
00:02:34,720 --> 00:02:38,140
So in the Telnet sessions, what you'll notice.

28
00:02:39,670 --> 00:02:46,960
Is that the telnet to data in this case, a carriage return is going from eight to one, one two to

29
00:02:46,960 --> 00:02:49,290
eight, one one five, and then there's a reply back again.

30
00:02:49,840 --> 00:02:55,300
So if I type enable and then put my password in.

31
00:02:56,580 --> 00:02:58,830
What we'll see in the output here.

32
00:03:03,860 --> 00:03:04,880
He's telnet data.

33
00:03:06,230 --> 00:03:07,610
So let's Folta for telnet.

34
00:03:09,660 --> 00:03:16,050
So scrolling down, we can see that Rauda one was telling Rawda two about the right, a prompt and then

35
00:03:16,050 --> 00:03:22,200
Rouda to type to enable and then we go carriage return.

36
00:03:22,860 --> 00:03:28,170
Rawda one requested a password and then rawData entered S.I.

37
00:03:28,410 --> 00:03:32,070
S CEO and there's the password and hit carriage return.

38
00:03:32,850 --> 00:03:34,500
And then the prompt changed.

39
00:03:34,890 --> 00:03:42,030
Cerrado one told Rodders three that the new prompt is our one hash or pound.

40
00:03:43,020 --> 00:03:50,070
The important piece to note is that all communication on this link is between eight one one two and

41
00:03:50,070 --> 00:03:51,450
eight one one five.

42
00:03:53,520 --> 00:03:57,720
Which is the inside global address of the router 10 one one one.

43
00:03:59,470 --> 00:04:01,090
I'll stop the capture.

44
00:04:03,180 --> 00:04:09,690
And now let's do it again, I'll start the capture on the inside interface, so I'm going to do it on

45
00:04:09,690 --> 00:04:13,290
fust Ethernet zero zero of Rawda to.

46
00:04:14,580 --> 00:04:24,660
I'll fill to this once again for Telnet traffic and on Rawda three, now let's type exit and turn it

47
00:04:24,660 --> 00:04:25,280
back again.

48
00:04:26,600 --> 00:04:29,810
Put in the password type enable, put in the password.

49
00:04:32,100 --> 00:04:35,520
So when you look at this traffic notice, it's from.

50
00:04:36,870 --> 00:04:38,340
Eight one one two.

51
00:04:40,310 --> 00:04:48,170
Raddest trees, IP address going to 10 one one one Rouda one's IP address, so all the telnet traffic

52
00:04:48,170 --> 00:04:49,220
in this output.

53
00:04:53,900 --> 00:05:03,500
Including the password that's being sent, Cisco is from eight one one two to 10 one one one, this

54
00:05:03,500 --> 00:05:09,770
router in the middle is translating eight one one five to eight one one two four.

55
00:05:09,770 --> 00:05:13,550
All traffic between Rawda one and router three.