How to telnet to my remote router (telnet from NAT outside network)

Unanswered Question
Apr 18th, 2005

Hi

I need to telnet from my HQ network to my branch office network. My router located at my branch office.

I have NAT inside my network (HQ) and also NAT at my remote router.(Branch office)

Actually my remote router have "nat pool" setting XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY netmask 255.255.255.ZZZ

I already set the telnet password for my remote router but i still cannot telnet to my router.

Should i telnet e0 ip address or use any "nat pool" ip address. I try to use my nat pool ip address cannot e0 ip address also cannot.

Please help....

thx

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lgijssel Mon, 04/18/2005 - 23:15

Looks like both routers are with one leg connected to the Internet. This is the nat outside interface and in most cases it has a public ip address.

From either side, to reach the remote router you should use this outside interface adress.

Regards,

Leo

tprendergast Tue, 04/26/2005 - 22:47

Depending how your routers are connected, if at all internally, you will be able to do one of the following:

a) If the routers have ipsec tunneling over their internet connection and route internal network traffic through the tunnel to each other you could directly connect to the remote router. I do not suspect you have this setup or you probably would have already been connected.

b) If both routers are performing NAT on the ingress/egress traffic, then you need to connect from your HQ network to the outside ip address of the router in the remote network. This would be your internet facing interface.

I would recommend highly that you setup ssh on your routers and not use telnet. You are subjecting anything you send to that remote router to cleartext interception by anyone who can get a sniffer setup somewhere along the path that your data travels. SSH is your friend. Telnet is your enemy.

A doc link for setting up ssh:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Tim

Edward999 Wed, 04/27/2005 - 00:11

Hi Thanks for your reply. Actually on my remote router i put access list as below:

access-list 1 permit any

Can i take out the access list and replace with

access-list 101 permit tcp XX.XX.XX.XX 0.0.0.31 any eq 23

access-list 101 permit tcp XX.XX.XX.XX 0.0.0.31 any eq 80

access-list 101 permit ip any any

The ip XX.XX.XX.XX is my HQ valid ip address. I need to be able to telnet to router and access http port

80 on one of my Bandwidth manager box.

This Bandwidth manager box located behind the router

with a valid IP address.

please help...i really have no idea..

thx

Actions

This Discussion