Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Telnet - Can't Access

I have Cisco 1605r with IOS 12.1T. I can't telnet to the router. It is setup with NAT. WAN IP = 63.243.20.218. I get an error stating "could not open a connection to host" I believe I have the password enabled because I can acces it's private LAN IP (192.168.1.1)

12 REPLIES
Cisco Employee

Re: Telnet - Can't Access

If you can't access (telnet) the router from outside then we might have to check the "sh run".

By the way i can ping 63.243.20.218 but can't telnet from my pc on the internet so looks like the telnet access is denied by access-lists or some other way.Let us have sh run from the router .Thx..Tejal

New Member

Re: Telnet - Can't Access

DOES THIS TELL YOU ANYTHING? I took out the passwords...

!

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname ALARouter

!

enable secret

!

no ip name-server

!

ip subnet-zero

no ip domain-lookup

ip routing

!

interface Ethernet 0

no shutdown

description connected to EthernetLAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

keepalive 10

!

interface Ethernet 1

no description

no ip address

ip nat inside

shutdown

!

interface Serial 0

no shutdown

no description

no ip address

encapsulation frame-relay

frame-relay lmi-type ansi

!

interface Serial 0.1 point-to-point

no shutdown

description connected to Internet

ip address 63.243.20.218 255.255.255.252

ip nat outside

frame-relay interface-dlci 103 ietf

!

! Access Control List 1

!

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

!

! Dynamic NAT

!

ip nat translation timeout 86400

ip nat translation tcp-timeout 86400

ip nat translation udp-timeout 300

ip nat translation dns-timeout 60

ip nat translation finrst-timeout 60

ip nat inside source list 1 interface Serial 0.1 overload

!

! DHCP Server

!

service dhcp

ip dhcp excluded-address 192.168.1.1 192.168.1.5

ip dhcp pool 1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 205.218.123.50 66.43.137.27

!

router rip

version 2

network 192.168.1.0

passive-interface Serial 0.1

no auto-summary

!

!

ip classless

!

! IP Static Routes

ip route 0.0.0.0 0.0.0.0 Serial 0.1

no ip http server

snmp-server location Birmingham Office

snmp-server contact Jay Tatum,205.402.0081,jtatum_mcse@yahoo.com

banner motd # American Lung Association

When You Can't Breathe, Nothing Else Matters

www.americanlung.org

#

!

line console 0

exec-timeout 0 0

password

login

!

line vty 0 4

password

login

!

end

Cisco Employee

Re: Telnet - Can't Access

The config looks OK..Its not configured to block any traffic. So you might want to check the router/devices before this router for any of such blocking..Thx..Tejal

Cisco Employee

Re: Telnet - Can't Access

Just to add to that, you can check that the tcp packets are even reaching to the router or not while you try to attempt the telnet connection to it. Use

debug ip tcp packet in address 63.243.20.218 port 23

to track the tcp packet for telnet for address 63.243.20.218...Thx..Tejal

New Member

Re: Telnet - Can't Access

Make sure Telnet is setup.

New Member

Re: Telnet - Can't Access

Sorry for my lack of knowledge but how would I check it. I can telnet to it from inside the LAN but just can't remotely telnet.

New Member

Re: Telnet - Can't Access

Do you have telnet passwords set on the router? ie line vty 0 4/login/password xyz ? (/ denotes new line) If not you cannot telnet into the router. Remember the password is needed.

New Member

Re: Telnet - Can't Access

As it shows above in the sh run. I believe I have it set and I can access it through telnet from any computer on the local network. Is NAT blocking me from remotley accessing? It shouldn't be this difficult... right?

!

line vty 0 4

password

login

!

New Member

Re: Telnet - Can't Access

Jay,

I'm not going to be much help here, but I wanted to put my two cents in anyways. I have had this problem within my lab. It did come down to a NAT issue, and I found that out my looking at the debug output (debug ip nat det).

My fix was to static NAT the router IP Address and telnet to the NATed IP.

Let me know if this helps,

Rob Starke

New Member

Re: Telnet - Can't Access

Would there be any numbered port mapping involved in that? Like Telnet port 23.

Cisco Employee

Re: Telnet - Can't Access

As i mentioned, lets enable the debug

debug ip tcp packet in address 63.243.20.218 port 23

on the router to track the tcp packet for telnet for address 63.243.20.218 is even hitting the rotuer or not.If the packets are not reaching, then we know that its blocked somewhere in the middle....Thx..Tejal

Bronze

Re: Telnet - Can't Access

Actually if you do not have vty password set, it gives you the message "password required, but none

set".

If you are not seeing this message, then its not

the password issue. I wonder if telnetting from the

router enable prompt to its WAN address is successful?

280
Views
0
Helpful
12
Replies
CreatePlease to create content