remote

Answered Question
Aug 3rd, 2010

Hello, I have a small problem with my Cisco 800 series router. I now want to work on it remotely by means of SSH and telnet. My question is: how can you do this?


Who can help me?


Overall Rating: 5 (4 ratings)
Correct Answer
Jennifer Halim Wed, 08/04/2010 - 02:35
User Badges: Cisco Employee

You should be able to telnet to the router on the WAN/external IP address remotely if telnet is not disabled.


For SSH, you have to generate an RSA keypair before you can SSH to the router. Here is the sample configuration for SSH:

http://www.cisco.com/en/US/customer/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml


Hope that helps.

pcfreak49 Wed, 08/04/2010 - 03:09

No, telnet is not disabled, because it is possible to log in locally, but externally I get a time out. Must something perhaps be adjusted there?

Correct Answer
Jennifer Halim Wed, 08/04/2010 - 03:13
User Badges: Cisco Employee

Sorry, I don't quite understand what you mean.

Telnet locally works, however, telnet from external is timing out?

Are you getting the password prompt when you try to telnet from external? If not, then there is probably an access-list on the interface that blocks telnet, or, under "line vty", it's only allowing the internal address range.

pcfreak49 Wed, 08/04/2010 - 03:19

Yes, that is correct: telnet works locally, but externally it does not work. How can you make that access trick for telnet?


kind regards

Correct Answer
Jennifer Halim Wed, 08/04/2010 - 03:21
User Badges: Cisco Employee

Do you have a copy of the router configuration? I can check and let you know what to add/change.

Jennifer Halim Wed, 08/04/2010 - 05:31
User Badges: Cisco Employee

OK, based on the configuration, you have ZBFW (Zone-Based Firewall) configured. Hence you would need to allow the traffic between out-zone and self-zone.


Here is what you would need to configure to allow telnet access:


class-map type inspect match-any telnet-class
    match protocol telnet


policy-map type inspect ccp-permit
    class type inspect telnet-class
        inspect


Hope that helps.

pcfreak49 Wed, 08/04/2010 - 06:36

Yes, external telnet works. Cordial thanks.


Do you perhaps know how that is also possible with SSH?


kind regards

Jennifer Halim Wed, 08/04/2010 - 07:57
User Badges: Cisco Employee

Sure, for SSH just add this:

class-map type inspect match-any telnet-class
    match protocol ssh

pcfreak49 Wed, 08/04/2010 - 08:43

Does something still have to be changed there?


kind regards

Jennifer Halim Wed, 08/04/2010 - 08:49
User Badges: Cisco Employee

You would also need to generate the RSA keypair: crypto key generate rsa


You also need to use SSH client software (e.g. PuTTY, SecureCRT) to SSH to the router.

pcfreak49 Wed, 08/04/2010 - 09:02

I have generated the RSA key and used PuTTY. Must something still be changed?


kind regards

Jennifer Halim Wed, 08/04/2010 - 09:05
User Badges: Cisco Employee

Mmmm.. where does it break?

Are you able to telnet on port 22?

Are you prompted for username and password?

Or does the connection just hang?


Can you share the latest configuration again, please?

pcfreak49 Wed, 08/04/2010 - 09:23

Yes, that is no problem; this is the new running-config.


I have tried telnet from another ISP and then it works.


kind regards

Attachment: 
Jennifer Halim Thu, 08/05/2010 - 06:09
User Badges: Cisco Employee

I didn't see your SSH configuration on the ZBFW.


Please configure the following:

class-map type inspect match-all ssh-class
    match protocol ssh


policy-map type inspect ccp-permit
    ! reference the ssh-class defined above so the policy inspects SSH
    class type inspect ssh-class
        inspect
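
A ZBFW class-map only takes effect once the policy-map applied between the zones references it, which is easy to miss when reading a configuration by eye. The following Python check is an added example, not part of the thread or Cisco's own tooling: the function name `audit_zbfw` is hypothetical, the sample configuration is constructed, and the input is assumed to be `show running-config` text in which sub-commands are indented.

```python
import re

# Constructed sample (not the poster's running-config): ssh-class is defined,
# but the policy-map only references telnet-class.
SAMPLE = """\
class-map type inspect match-any telnet-class
 match protocol telnet
class-map type inspect match-all ssh-class
 match protocol ssh
policy-map type inspect ccp-permit
 class type inspect telnet-class
  inspect
 class class-default
  drop
"""

def audit_zbfw(config, policy):
    """Return (protocols the policy lets through, class-maps it never references)."""
    classes = {}   # class-map name -> set of matched protocols
    actions = {}   # class name -> action inside the audited policy-map
    block = name = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():               # unindented line starts a new block
            block = name = cls = None
            m = re.match(r"class-map type inspect (?:match-(?:any|all) )?(\S+)$", line)
            if m:
                block, name = "class", m.group(1)
                classes[name] = set()
            elif line == f"policy-map type inspect {policy}":
                block = "policy"
        elif block == "class":
            m = re.match(r"match protocol (\S+)", line)
            if m:
                classes[name].add(m.group(1))
        elif block == "policy":
            m = re.match(r"class (?:type inspect )?(\S+)$", line)
            if m:
                cls = m.group(1)
            elif cls and line in ("inspect", "pass", "drop", "drop log"):
                actions[cls] = line
    allowed = set()
    for c, act in actions.items():
        if act in ("inspect", "pass"):
            allowed |= classes.get(c, set())
    unused = sorted(set(classes) - set(actions))
    return allowed, unused
```

On the constructed sample, `audit_zbfw(SAMPLE, "ccp-permit")` reports only telnet as permitted and lists `ssh-class` as defined but unused. If telnet appears in the permitted set for traffic from the outside zone, logins cross the WAN in cleartext, so SSH alone is the safer protocol to leave open.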


pcfreak49 Thu, 08/05/2010 - 07:53

No, it does not work yet, because if I take another ISP and make a telnet SSH connection, then I get a time out?


kind regards

Jennifer Halim Thu, 08/05/2010 - 07:55
User Badges: Cisco Employee

Not sure what you mean by another ISP?

Can you SSH to it locally?

pcfreak49 Thu, 08/05/2010 - 08:00

I have had my ports checked on the gateway, 22 (SSH) and 23 (telnet), and they are closed. How can you open them?

Jennifer Halim Thu, 08/05/2010 - 08:06
User Badges: Cisco Employee

I don't see 2 ISPs in your configuration. Your configuration only says gig0 as the external interface.

pcfreak49 Thu, 08/05/2010 - 08:22

I have had my ports checked on the gateway, 22 (SSH) and 23 (telnet), and they are closed. How can you open them?

pcfreak49 Thu, 08/05/2010 - 09:00

Port 22 is closed, and likewise port 23 is closed. How is it possible to open them?


kind regards

pcfreak49 Thu, 08/05/2010 - 09:40

Port 23 is closed on the router. Can you open the port?


kind regards

pcfreak49 Fri, 08/06/2010 - 03:16

Port 23 is closed on the router. Can you open the port?


kind regards
