telnet access to router from internet

Unanswered Question

Hi,

I just configured the cisco 1841 router.

config is something like this.


router(config)#

!


interface ethernet0/0

ip address 203.x.x.x/30

ip nat outside

exit

!


interface ethernet0/1

ip address 192.168.1.1/24

ip nat inside

exit

!


access-list 101 permit ip any any

!


ip nat inside source list 101 interface Serial0/0 overload

exit


ip name server 202.56.215.6 202.56.230.6

copy running-config startup-config




I want to access router from internet for configuration.

created line vty 0 4 with password.

But not able to telent on telnet 203.x.x.x.

Kindly suggest what i am missing.


Reg,

Sushil

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Goutam Sanyal Mon, 03/24/2008 - 03:56
User Badges:
  • Silver, 250 points or more

Hi Susil, you can check the “line vty 0 4” is configured as bellow?


#line vty 0 4

privilege level 15 (with this argument enable secret will not required)

password 7 XXXXXXXX (password to access the vty 0 4)

login (enable the login)

transport input telnet ssh (optional/ argument for SSH/telnet login)

transport output telnet ssh (optional/ argument for SSH/telnet login)


Thanks

Goutam

Richard Burts Mon, 03/24/2008 - 04:23
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Sushil


You provide an incomplete description of configuring the router. I do not see any default route in what you posted. It is not clear whether it is configured and just not shown or if it is not configured.


You do not tell us whether the router is connected and working. Can you clarify whether the router has connectivity to the Internet? Does a PC connected on the inside interface access Internet resources ok? Can the router ping addresses in the Internet. Can you ping the router from the address that you are attempting telnet from?


HTH


Rick

Paolo Bevilacqua Mon, 03/24/2008 - 04:39
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


you cannot telenet from outside because you ACL 101 is "any any". That doesn't work in current IOS.


Change ACL to be

access-list 101 permit ip 192.168.1.0 0.0.0.255 any


And you will be able to.


Hope this helps, please rate post if it does!

Richard Burts Mon, 03/24/2008 - 04:50
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Paolo


You raise the issue of the access list to use with NAT. I had noted the permit ip any any as an issue, especially for PCs connected on the inside. But since the question is about telnet to the router from outside, will the packets be directly to and from the router and will they not be using the outside (public) address? In which case I am not sure that address translation is the issue.


I do agree that your suggested change is good. But I am not sure that it addresses the original question.


HTH


Rick

Paolo Bevilacqua Mon, 03/24/2008 - 04:56
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi Rick,


That is a know issue, promised :)


The symptoms are exactly these, everything works, you can even ping from outside to router public if, but cannot telnet into it.


Search the forum for previous cases, or try yourself when you have a chance. Bottom line, never use "any any" for NAT.

Actions

This Discussion