Telnet - Can't Access

Unanswered Question
tepatel Mon, 02/11/2002 - 19:52
User Badges:
  • Cisco Employee,

If you can't access (telnet) the router from outside then we might have to check the "sh run".


By the way i can ping 63.243.20.218 but can't telnet from my pc on the internet so looks like the telnet access is denied by access-lists or some other way.Let us have sh run from the router .Thx..Tejal

DOES THIS TELL YOU ANYTHING? I took out the passwords...


!

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname ALARouter

!

enable secret

!

no ip name-server

!

ip subnet-zero

no ip domain-lookup

ip routing

!

interface Ethernet 0

no shutdown

description connected to EthernetLAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

keepalive 10

!

interface Ethernet 1

no description

no ip address

ip nat inside

shutdown

!

interface Serial 0

no shutdown

no description

no ip address

encapsulation frame-relay

frame-relay lmi-type ansi

!

interface Serial 0.1 point-to-point

no shutdown

description connected to Internet

ip address 63.243.20.218 255.255.255.252

ip nat outside

frame-relay interface-dlci 103 ietf

!

! Access Control List 1

!

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

!

! Dynamic NAT

!

ip nat translation timeout 86400

ip nat translation tcp-timeout 86400

ip nat translation udp-timeout 300

ip nat translation dns-timeout 60

ip nat translation finrst-timeout 60

ip nat inside source list 1 interface Serial 0.1 overload

!

! DHCP Server

!

service dhcp

ip dhcp excluded-address 192.168.1.1 192.168.1.5

ip dhcp pool 1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 205.218.123.50 66.43.137.27

!

router rip

version 2

network 192.168.1.0

passive-interface Serial 0.1

no auto-summary

!

!

ip classless

!

! IP Static Routes

ip route 0.0.0.0 0.0.0.0 Serial 0.1

no ip http server

snmp-server location Birmingham Office

snmp-server contact Jay Tatum,205.402.0081,[email protected]

banner motd # American Lung Association

When You Can't Breathe, Nothing Else Matters

www.americanlung.org

#

!

line console 0

exec-timeout 0 0

password

login

!

line vty 0 4

password

login

!

end


tepatel Tue, 02/12/2002 - 09:10
User Badges:
  • Cisco Employee,

The config looks OK..Its not configured to block any traffic. So you might want to check the router/devices before this router for any of such blocking..Thx..Tejal

tepatel Tue, 02/12/2002 - 09:16
User Badges:
  • Cisco Employee,

Just to add to that, you can check that the tcp packets are even reaching to the router or not while you try to attempt the telnet connection to it. Use


debug ip tcp packet in address 63.243.20.218 port 23


to track the tcp packet for telnet for address 63.243.20.218...Thx..Tejal

robstarke Wed, 02/13/2002 - 08:57
User Badges:

Jay,

I'm not going to be much help here, but I wanted to put my two cents in anyways. I have had this problem within my lab. It did come down to a NAT issue, and I found that out my looking at the debug output (debug ip nat det).

My fix was to static NAT the router IP Address and telnet to the NATed IP.


Let me know if this helps,


Rob Starke

tepatel Wed, 02/13/2002 - 09:07
User Badges:
  • Cisco Employee,

As i mentioned, lets enable the debug


debug ip tcp packet in address 63.243.20.218 port 23

on the router to track the tcp packet for telnet for address 63.243.20.218 is even hitting the rotuer or not.If the packets are not reaching, then we know that its blocked somewhere in the middle....Thx..Tejal

zahmed Wed, 02/13/2002 - 13:18
User Badges:
  • Cisco Employee,

Actually if you do not have vty password set, it gives you the message "password required, but none

set".

If you are not seeing this message, then its not

the password issue. I wonder if telnetting from the

router enable prompt to its WAN address is successful?

Actions

This Discussion