08-03-2010 12:01 PM
hello I small problems I Cisco router 800 serials now I remote wants work by means of SSH and telnet now are my question how can you this do?
who can help me
Solved! Go to Solution.
08-04-2010 02:35 AM
You should be able to telnet to the router on the WAN/external ip address remotely if telnet is not disabled.
For SSH, you have to generate RSA keypair before you can SSH to the router. Here is the sample configuration for SSH:
http://www.cisco.com/en/US/customer/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
Hope that helps.
08-04-2010 03:13 AM
sorry, i don't quite understand what you mean.
Telnet locally works, however, telnet from external is timing out?
Are you getting the password prompt when you try to telnet from external? If not, then there is probably access-list on the interface that blocks telnet, OR/ under "line vty", it's only allowing internal address range.
08-04-2010 03:21 AM
do you have a copy of the router configuration? I can check and let you know what to add/change.
08-05-2010 08:44 AM
I don't understand what you mean.
08-04-2010 02:35 AM
You should be able to telnet to the router on the WAN/external ip address remotely if telnet is not disabled.
For SSH, you have to generate RSA keypair before you can SSH to the router. Here is the sample configuration for SSH:
http://www.cisco.com/en/US/customer/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
Hope that helps.
08-04-2010 03:09 AM
no telnet are not disabled. because is possible inlogen local but externally succeed that because krijg time out must there sometimes something to fit become?
08-04-2010 03:13 AM
sorry, i don't quite understand what you mean.
Telnet locally works, however, telnet from external is timing out?
Are you getting the password prompt when you try to telnet from external? If not, then there is probably access-list on the interface that blocks telnet, OR/ under "line vty", it's only allowing internal address range.
08-04-2010 03:19 AM
yes that is correct telnet local works but externally does not work it how can you that access trick make for telnet?
kind regards
08-04-2010 03:21 AM
do you have a copy of the router configuration? I can check and let you know what to add/change.
08-04-2010 03:40 AM
08-04-2010 05:31 AM
OK, base on the configuration, you have ZBFW (Zone Base Firewall) configured. Hence you would need to allow the traffic between out-zone and self-zone.
Here is what you would need to configure to allow telnet access:
class-map type inspect match-any telnet-class
match protocol telnet
policy-map type inspect ccp-permit
class type inspect telnet-class
inspect
Hope that helps.
08-04-2010 06:36 AM
yes it works external telnet cordial thanks
do you know sometimes how that with SSH also are possible?
kind regards
08-04-2010 07:57 AM
Sure, for SSH just add this:
class-map type inspect match-any telnet-class
match protocol ssh
08-04-2010 08:43 AM
there does this have still something changes become?
kind regards
08-04-2010 08:49 AM
You would also need to generate the RSA keypair: crypo key generate rsa
You also need to use SSH Client software (eg: Putty, SecureCRT) to SSH to the router.
08-04-2010 09:02 AM
those RSA key I have produced and used putty must still something change become?
kind regards
08-04-2010 09:05 AM
Mmmm.. where does it break?
Are you able to telnet on port 22?
Are you prompted for username and password?
Or the connection just hang?
Can you share the latest configuration again pls.
08-04-2010 09:23 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: