cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3691
Views
0
Helpful
16
Replies

Remote Telnet access on CISCO 1841

drughetto
Level 1
Level 1

I'm not able to gain access to my cisco 1841 via telnet from remote. I can telnet to any inside interface without problem, but not to the dialer interface. Trying to scanning for open ports from remote i only get ftp port 21 (i don't know why since i havn't forwarded any ftp port) and SSH port 443, but not telnet port 23. Router is configured with HWIC-1ADSL card for DSL connection and HWIC-AP-G-E for wireless connections.

Hereafter relevant config.

Thanks

16 Replies 16

drughetto
Level 1
Level 1

Sorry, i forgot to add the config file

Hi,

Can you paste the output of show ip int brief.

Regards,

Pravin

Hi,

here is the ip int brief.

thanks

CISCO1841#show ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.1 YES NVRAM up up

FastEthernet0/1 192.168.2.1 YES NVRAM up up

ATM0/0/0 unassigned YES NVRAM up up

Dot11Radio0/1/0 unassigned YES NVRAM up up

Dot11Radio0/1/0.1 192.168.2.129 YES NVRAM up up

Dot11Radio0/1/0.2 192.168.3.1 YES NVRAM up up

NVI0 unassigned NO unset up up

Virtual-Access1 unassigned YES unset up up

Dialer1 151.16.203.203 YES IPCP up up

Hi,

here is the ip int brief.

thanks

CISCO1841#show ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.1 YES NVRAM up up

FastEthernet0/1 192.168.2.1 YES NVRAM up up

ATM0/0/0 unassigned YES NVRAM up up

Dot11Radio0/1/0 unassigned YES NVRAM up up

Dot11Radio0/1/0.1 192.168.2.129 YES NVRAM up up

Dot11Radio0/1/0.2 192.168.3.1 YES NVRAM up up

NVI0 unassigned NO unset up up

Virtual-Access1 unassigned YES unset up up

Dialer1 151.16.203.203 YES IPCP up up

Try removing:

ip nat inside source static 192.168.3.2 interface Dialer1

... and see if that works.

Hi,

trying to remove the line you suggested didn't solve the problem.

Btw, just to be as much clear as possible about the problem, i can telnet any router interface (even the dialer one) from the internal network, but when i telnet the dialer interface from remote i don't get any response. The router is connected to internet and client PCs can surf without problem. Another "strange behaviour" of the router is that i'm not able to ping any external address when i'm in telnet or console on the router.

If i execute an extended ping, specifying one of the two fast ethernet interfaces as the source address, the ping works fine. I think that this problem has something to do with the telnet problem.

Hi,

The ACL which have been configured are they applied on any interface ? I dont see it applied to any interface only "ip access-group TELEFONO-VOIP-INGRESSO in"

Also if possible remove the radius config and check if you are able to telnet.

Regards,

Pravin

Hi,

you need only one statement for "ip nat ... overload". That is, you should combine the two ACLs into one and use it.

I haven't check if you have any ACL blocking telenet, so begin trying the above first.

Hi guys,

first of all i wanted to thank all of you for your support :-)

As for the config is concerns, don't waste time looking at the access lists which are actually not applied except for the VOIP one.

I'll try to remove the radius and see what happens.

To Paolo : I agree with you about the nat pool in that i could join the two pools into a single access list, but shouldn't it work anyway?

thanks

It could, fact is that I've never seen doing that and is not the recommended way.

Hi Paolo,

i just tried to follow your suggestion concerning the two access lists and nat, but unfortunately nothing has changed.still not able to telnet. Do you think a reboot is needed?

Thanks

I'm curious, who is your internet provider? Is is possible that they are blocking your telnet attempts?

I have a Cisco 800 series that I've never been able to ssh to from the outside. I tried a million things and just could not figure out why I couldn't get in. After giving up on it, I had a friend tell me that he heard that our cable provider blocks inbound connections like telnet and ssh.

Have you tried unplugging from your provider and plugging in a laptop to the outside connection of the router? Then you could try to ssh to the router from the "outside" and see if it works. If it works, then you know that your ISPs is blocking, and if it doesn't then you know that it is just a configuration issue.

I'm going to do that with my router whenever I have some time to kill.

Hi,

i'm quite sure it's not an ISP related problem cause since a couple of weeks ago i was using a cisco 877w router on the same connection and it was reachable from outside via telnet.

drughetto
Level 1
Level 1

so nobody came out with a solution??

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: