Telnet - Can't Access

jtatum_mcse
Level 1

I have a Cisco 1605r with IOS 12.1T. I can't telnet to the router. It is set up with NAT. WAN IP = 63.243.20.218. I get an error stating "could not open a connection to host". I believe I have the password enabled because I can access its private LAN IP (192.168.1.1).


tepatel
Cisco Employee

If you can't access (telnet) the router from outside then we might have to check the "sh run".

By the way, I can ping 63.243.20.218 but can't telnet from my PC on the Internet, so it looks like the telnet access is denied by access-lists or some other way. Let us have the sh run from the router. Thx, Tejal

DOES THIS TELL YOU ANYTHING? I took out the passwords...

!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname ALARouter
!
enable secret
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
 no shutdown
 description connected to EthernetLAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 keepalive 10
!
interface Ethernet 1
 no description
 no ip address
 ip nat inside
 shutdown
!
interface Serial 0
 no shutdown
 no description
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
interface Serial 0.1 point-to-point
 no shutdown
 description connected to Internet
 ip address 63.243.20.218 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 103 ietf
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Serial 0.1 overload
!
! DHCP Server
!
service dhcp
ip dhcp excluded-address 192.168.1.1 192.168.1.5
ip dhcp pool 1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 205.218.123.50 66.43.137.27
!
router rip
 version 2
 network 192.168.1.0
 passive-interface Serial 0.1
 no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0.1
no ip http server
snmp-server location Birmingham Office
snmp-server contact Jay Tatum,205.402.0081,jtatum_mcse@yahoo.com
banner motd # American Lung Association
When You Can't Breathe, Nothing Else Matters
www.americanlung.org
#
!
line console 0
 exec-timeout 0 0
 password
 login
!
line vty 0 4
 password
 login
!
end

The config looks OK. It's not configured to block any traffic. So you might want to check the router/devices before this router for any such blocking. Thx, Tejal

Just to add to that, you can check whether the TCP packets are even reaching the router while you attempt the telnet connection to it. Use

debug ip tcp packet in address 63.243.20.218 port 23

to track the TCP packets for telnet for address 63.243.20.218. Thx, Tejal
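The check Tejal describes (nothing in the posted config filters traffic) can also be done mechanically. The Python sketch below is an added example, not part of the original thread: it parses an excerpt of the posted config and reports any `ip access-group` or `access-class` bindings, plus any vty lines that accept logins without an inbound `access-class`. The function names are this example's own.

```python
import re

# Excerpt of the running-config posted in this thread (passwords were already
# removed by the poster). Sections are delimited by "!" as in "sh run" output.
CONFIG = """\
interface Serial 0.1 point-to-point
ip address 63.243.20.218 255.255.255.252
ip nat outside
!
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Serial 0.1 overload
!
line vty 0 4
password
login
!
"""

def sections(text):
    """Group sub-commands under each 'interface ...' / 'line ...' header."""
    out, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue                  # tolerate double-spaced forum pastes
        if line.startswith("!"):
            current = None            # "!" closes the current section
        elif re.match(r"(interface|line)\s", line):
            current = line
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return out

def acl_bindings(text):
    """Return {section: ['<acl> <dir>']} for ACLs that actually filter traffic."""
    found = {}
    for header, body in sections(text).items():
        for cmd in body:
            m = re.match(r"(?:ip access-group|access-class)\s+(\S+)\s+(in|out)", cmd)
            if m:
                found.setdefault(header, []).append(f"{m.group(1)} {m.group(2)}")
    return found

def unrestricted_vty(text):
    """vty ranges that accept logins with no inbound access-class."""
    bound = acl_bindings(text)
    return [h for h, body in sections(text).items()
            if h.startswith("line vty") and "login" in body
            and not any(b.endswith(" in") for b in bound.get(h, []))]
```

On the posted config `acl_bindings` returns nothing, because ACL 1 is only referenced as the NAT source list and so selects addresses for translation rather than filtering. `unrestricted_vty` returns `line vty 0 4`, meaning the router itself would accept a telnet login from any source address.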

Make sure Telnet is set up.

Sorry for my lack of knowledge, but how would I check it? I can telnet to it from inside the LAN but just can't remotely telnet.

Do you have telnet passwords set on the router? i.e. line vty 0 4/login/password xyz ? (/ denotes new line) If not, you cannot telnet into the router. Remember the password is needed.

As it shows above in the sh run, I believe I have it set, and I can access it through telnet from any computer on the local network. Is NAT blocking me from remotely accessing? It shouldn't be this difficult... right?

!
line vty 0 4
 password
 login
!

Jay,

I'm not going to be much help here, but I wanted to put my two cents in anyways. I have had this problem within my lab. It did come down to a NAT issue, and I found that out by looking at the debug output (debug ip nat det).

My fix was to static NAT the router IP Address and telnet to the NATed IP.

Let me know if this helps,

Rob Starke

Would there be any numbered port mapping involved in that? Like Telnet port 23.

As I mentioned, let's enable the debug

debug ip tcp packet in address 63.243.20.218 port 23

on the router to track whether the TCP packets for telnet for address 63.243.20.218 are even hitting the router or not. If the packets are not reaching it, then we know that it's blocked somewhere in the middle. Thx, Tejal

Actually, if you do not have a vty password set, it gives you the message "password required, but none set". If you are not seeing this message, then it's not the password issue. I wonder if telnetting from the router enable prompt to its WAN address is successful?
