
Could not open connection to the host, on port 23: Connect failed

Josiah Inubio

Hi, I'm trying to telnet to 10.63.205.134 but I still can't connect to it. This IP is already permitted on the ACL. I also tried to open ports on the Windows firewall but I still can't telnet to it. Is there something I must do on the router config? Thanks

access-list 1 permit any
access-list 99 permit 172.20.251.49
access-list 99 permit 172.20.251.53
access-list 99 permit 10.63.205.133
access-list 99 permit 10.49.145.75
access-list 99 permit 222.127.8.240 0.0.0.15
access-list 99 permit 10.49.174.16 0.0.0.15
access-list 99 permit 10.49.135.0 0.0.0.255
access-list 99 permit 10.198.164.36 0.0.0.3
access-list 99 permit 10.198.164.164 0.0.0.3
line con 0
 exec-timeout 5 0
 password 7 xxxxxxx
 logging synchronous
line aux 0
 exec-timeout 5 0
 password 7 xxxxxxx
 no exec
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 0/0/0 0/0/1
 script dialer gsm
 no exec
 rxspeed 7200000
 txspeed 5760000
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 xxxxx
 logging synchronous
 transport input telnet ssh
line vty 5 15
 access-class 99 in
 exec-timeout 5 0
 privilege level 15
 password 7 xxxxxxx
 logging synchronous
 transport input telnet ssh


rfalconer.sffcu

Is 10.63.205.134 the address of the router?

Yes, that's the address of the router. My workstation IP was 10.49.135.169. But this IP was already permitted on the ACL -> access-list 99 permit 10.49.135.0 0.0.0.255.
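The wildcard match in question can be checked offline before changing anything on the router. The following is an added example, not part of the original thread and not Cisco code: a small Python evaluator for standard ACL 99 as posted above, applying first-match-wins and the implicit deny. The function names are hypothetical.

```python
import ipaddress

# ACL 99 exactly as posted in the thread (standard ACL: source address only).
ACL_99 = """\
access-list 99 permit 172.20.251.49
access-list 99 permit 172.20.251.53
access-list 99 permit 10.63.205.133
access-list 99 permit 10.49.145.75
access-list 99 permit 222.127.8.240 0.0.0.15
access-list 99 permit 10.49.174.16 0.0.0.15
access-list 99 permit 10.49.135.0 0.0.0.255
access-list 99 permit 10.198.164.36 0.0.0.3
access-list 99 permit 10.198.164.164 0.0.0.3
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(config, number):
    """Return [(action, address, wildcard)] for one numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        known = tok[:2] == ["access-list", str(number)]
        if len(tok) < 4 or not known or tok[2] not in ("permit", "deny"):
            continue  # other ACLs, remarks, unrelated config lines
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wild = _ip(rest[1]), 0
        else:
            # A bare address with no wildcard is a host match (0.0.0.0).
            addr = _ip(rest[0])
            wild = _ip(rest[1]) if len(rest) > 1 and rest[1][0].isdigit() else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """First match wins; falling off the end is the implicit deny."""
    src = _ip(source)
    for index, (action, addr, wild) in enumerate(entries, start=1):
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if src & care == addr & care:
            return action, index
    return "deny", None

if __name__ == "__main__":
    print(evaluate(parse_standard_acl(ACL_99, 99), "10.49.135.169"))
```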

Hello Josiah

The first thing I would do to troubleshoot this issue from the router-end access list would be to

try giving a temporary permit any statement

    (or)

give a deny any log to reflect access list denies in the logs

    (or)

run a debug while trying to telnet

Regards,
Anup


The problem was I'm at my client's HQ and there's no way I can access it. I think I'll endorse this to our ISP.

I'd also check the router from a known good location (or console) and validate that there are open vty lines ("show line").

BTW, it's not recommended to post type 7 passwords in your posts - they are easily cracked by using any number of sites with type 7 password crackers. (e.g., http://www.ibeast.com/content/tools/CiscoPassword/ )

Hi Marvin, thanks for noting about the type 7 password. Is there another way to configure passwords that can't be decrypted? Thanks

When you post in a forum, simply edit out that bit and replace with . That's what Cisco's "show tech-support" command does. Reference.

As far as good device security, best common practice is to use the "enable secret" method (also described in the reference above) for local authentication and point to an external TACACS server for aaa services (including authentication).

Josiah Inubio

Thanks for helping, guys. I've already found my mistake. Thanks.

Hello Josiah

Would you mind sharing where the issue was so that it will be helpful for all of us in troubleshooting similar access issues?

Regards,
Anup
