New Member

Cannot telnet to the fe interface of the edge router from an internal host

Hi, I am having problems trying to telnet to the fe interface of my edge router from my management host (internal). I tried adding an access list and allowing access to the fe interface of the router. Do I need to do something to the firewall? (I thought that the firewall allows all outgoing.)

Can somebody tell me what I am doing wrong?

Thanks

Here is the sh run:

    sh run
    Building configuration...
    Current configuration:
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname ABC
    !
    logging buffered 4096 debugging
    !
    username xxx privilege 15 password xxxx
    !
    !
    !
    !
    ip subnet-zero
    no ip source-route
    no ip finger
    no ip domain-lookup
    !
    !
    process-max-time 200
    !
    interface Serial0
     ip address a.b.c.d 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip directed-broadcast
     no ip proxy-arp
     no ip route-cache
     no cdp enable
    !
    interface FastEthernet0
     ip address x.x.x.97 255.255.255.224
     no ip directed-broadcast
     full-duplex
     no cdp enable
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 x.x.x.41
    no ip http server
    !
    access-list 2 permit 63.94.243.0 0.0.0.255
    access-list 2 permit 204.188.152.80 0.0.0.15
    access-list 2 permit 65.199.21.0 0.0.0.255
    access-list 101 permit tcp any any established
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny udp any any eq snmp
    access-list 101 deny udp any any eq tftp
    access-list 101 deny udp any any eq netbios-dgm
    access-list 101 deny udp any any eq netbios-ns
    access-list 101 deny udp any any eq who
    access-list 101 deny udp any any eq echo
    access-list 101 deny udp any any eq syslog
    access-list 101 deny tcp any any eq bgp
    access-list 101 deny tcp any any eq chargen
    access-list 101 deny tcp any any eq cmd
    access-list 101 deny tcp any any eq echo
    access-list 101 deny tcp any any eq exec
    access-list 101 deny tcp any any eq finger
    access-list 101 deny tcp any any eq gopher
    access-list 101 deny tcp any any eq klogin
    access-list 101 deny tcp any any eq kshell
    access-list 101 deny tcp any any eq login
    access-list 101 deny tcp any any eq lpd
    access-list 101 deny tcp any any eq whois
    access-list 101 permit ip any any
    no cdp run
    banner motd ^CCC
    UNAUTHORIZED ACCESS PROHIBITED.....
    ^C
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
     login local
     transport input none
    line aux 0
     logging synchronous
     login local
     modem InOut
     modem autoconfigure discovery
     transport input all
     speed 2400
    line vty 0 4
     access-class 2 in
     logging synchronous
     login local
    !
    end

3 REPLIES
New Member

Re: Cannot telnet to the fe interface of the edge router from an

So what error message (if any) do you receive? As for access through a firewall, it depends on the firewall and its configuration. This could be blocking you.

I am assuming you are coming from a permitted network? What is access-list 101 used for?

New Member

Re: Cannot telnet to the fe interface of the edge router from an

Hi, everybody,

The edge router's serial is x.y.z.w

The edge router's fe is a.b.c.97

The firewall's outside ip is a.b.c.98

The firewall's internal ip is 192.168.1.2

My internal host ip address is 192.168.1.92

I removed the access list allowing my internal host because it was not working (here it is again):

    ip access-list 120 permit tcp host 192.168.1.92 host a.b.c.97 eq 23
    router(config)#line vty 0 4
    router(config-line)#access-class 120 in

Error:

    C:\>telnet a.b.c.97
    Connecting To a.b.c.97...Could not open a connection to host on port 23 : Connect failed

I can successfully ping the fe and serial of the edge router (the firewall permits it).

I am sure it is the firewall, but it has many conduit permit lines and I really do not want to make a network disruption.

Any suggestions will be appreciated.

Thanks

New Member

Re: Cannot telnet to the fe interface of the edge router from an

You have an access list on your vty that denies 192.168.1.92. access-list 2 has 3 permits for external addresses but no permit for 192.168.1.92. There is always an implicit DENY at the end of an access list.
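
The implicit deny described in the last reply, as an added example that is not part of the original thread: the three access-list 2 entries from the posted configuration are evaluated the way a standard ACL is, first match wins and no match means deny. It assumes the router sees the management host's untranslated source address 192.168.1.92; the function names are hypothetical.

```python
import ipaddress

# access-list 2, copied from the running-config posted in the thread.
ACL_2 = """\
access-list 2 permit 63.94.243.0 0.0.0.255
access-list 2 permit 204.188.152.80 0.0.0.15
access-list 2 permit 65.199.21.0 0.0.0.255
"""


def parse_standard_acl(text, number):
    """Return [(action, address, wildcard)] for one numbered standard ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        else:
            # A bare address without a wildcard matches that single host.
            addr, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries


def evaluate(entries, source):
    """First match wins; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for index, (action, addr, wild) in enumerate(entries, start=1):
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (addr & care):
            return action, index
    return "deny", None  # the implicit deny that ends every access list


if __name__ == "__main__":
    acl = parse_standard_acl(ACL_2, 2)
    # Constructed test sources; only 192.168.1.92 comes from the thread.
    for source in ("192.168.1.92", "204.188.152.85", "204.188.152.96"):
        action, index = evaluate(acl, source)
        where = f"entry {index}" if index else "implicit deny"
        print(f"{source:<16} {action} ({where})")
```

Running the same check against a candidate ACL before applying it to `line vty 0 4` shows whether the intended management source is still permitted, which avoids locking out remote access.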
