I know that it is possible to reverse-telnet to a specific serial port on some routers by telnetting to a specific TCP port. For example:
to reverse-telnet to Interface Async 5 with a tty line identifier of 5, you would telnet to the router's local IP address at port 2005.
I'd like to have the same capability with vty ports.
I have a router that uses Cisco Lock-and-Key authentication to add dynamic access list entries for any host IP which logs into port vty 0. I also want the ability to log into the router itself to establish an EXEC session. To do this currently, I must open a second telnet session before the one to vty 0 terminates.
To make a long story short here is how I'd like it to work.
move Lock and Key authentication to port vty 4
telnet to <router IP> port 20004 to log in to port vty 4
generic telnet to <router IP> port 23 will rotate through preceding vty ports 0 through 3 as usual to establish EXEC session.
Is this doable? If so provide a sample configuration and/or instructions.
Actually, you can by configuring the vty as a rotary group.
line vty 4
 rotary 4
 transport input all
Lets you telnet to router on port 3004. 23 is also open though, but you can use an access-class to restrict use to vty 4 if needed.
Or by using NAT (more dirty):
ip nat inside source static tcp 172.16.55.1 23 172.16.55.1 2002 extendable
ip address 172.16.55.1 255.255.255.0
ip address 10.0.0.1 255.255.255.0
ip nat outside
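
The rotary approach from the answer, combined with the lock-and-key setup the question describes, written out as an added configuration example (not posted by either participant). The ACL numbers, the dynamic list name TEMP-ACCESS, the timeouts, interface Serial0 and the use of local usernames are assumptions.

```cisco
! Constructed example: ACL numbers, TEMP-ACCESS, timeouts and Serial0
! are assumptions, not values from the thread.
!
! Lock-and-key traffic ACL: let users reach the router on 23 and 3004,
! everything else waits for the dynamic entry created by access-enable.
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq 3004
access-list 101 dynamic TEMP-ACCESS timeout 60 permit ip any any
!
interface Serial0
 ip access-group 101 in
!
! Extended ACL used as an access-class: vty 4 accepts only sessions
! that arrived on the rotary port, so port 23 can never land on it.
access-list 120 permit tcp any any eq 3004
!
! vty 0-3: ordinary EXEC sessions on port 23 (assumes local usernames exist)
line vty 0 3
 login local
 transport input telnet
!
! vty 4: rotary group 4 (telnet port 3004), reserved for lock-and-key.
! autocommand opens the dynamic entry for the caller's address, then
! the session closes, leaving vty 0-3 free for EXEC logins.
line vty 4
 login local
 rotary 4
 transport input telnet
 access-class 120 in
 autocommand access-enable host timeout 5
```

After a login on port 3004, `show access-lists 101` should list the temporary entry for the caller's address, and `show users` shows which vty a session landed on.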