Solved: Can't figure out my telnet problem from 871

SpaceRooster · ‎01-18-2012

Hi all,

I have built a CCNA home lab consisting of:

1. 871 - Fe4 connected to my ISP router and acting as my home lab GW and switch (Office 1 GW and switch).

2. 2610 - e0/0 connected to my 871 switch side Fe0 and acting as a serial GW to office 2. And,

3. 2610 - acting as office 2 GW, s0/0 connected through serial to office 1 2610 s0/0.

(ISP Router)-------------(871)-------------(2610)<><><><><><><>(2610)

The problem I am having is I can't telnet from the 871 to any of the 2610s but can telnet from any 2610 to the 871.

Pings from any node (871 and 2610s) to all interfaces are successful.

This is my 871 config:

Building configuration...

Current configuration : 2407 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname GW_871

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 $1$c6Pf$9CKwXssj5sv8kXx5WcYsN1

!

no aaa new-model

!

dot11 syslog

ip source-route

!

ip dhcp pool VLAN1_POOL

import all

network 10.0.0.0 255.255.255.0

default-router 10.0.0.1

dns-server 65.183.0.76

!

ip dhcp pool VLAN10_POOL

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 65.183.0.76

!

ip dhcp pool VLAN20_POOL

import all

network 20.20.20.0 255.255.255.0

default-router 20.20.20.1

dns-server 65.183.0.76

!

ip dhcp pool VLAN30_POOL

import all

network 30.30.30.0 255.255.255.0

default-router 30.30.30.1

dns-server 65.183.0.76

!

ip cef

ip name-server 65.183.0.76

no ipv6 cef

!

multilink bundle-name authenticated

!

archive

log config

hidekeys

!

interface FastEthernet0

duplex full

speed 10

!

interface FastEthernet1

switchport access vlan 10

!

interface FastEthernet2

switchport access vlan 20

!

interface FastEthernet3

switchport access vlan 30

!

interface FastEthernet4

description *** LINK TO ISP ***

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description *** LINK TO OFFICE 1 GW ***

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan10

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan20

ip address 20.20.20.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan30

ip address 30.30.30.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

router rip

version 2

redistribute static

network 10.0.0.0

network 20.0.0.0

network 30.0.0.0

network 192.168.1.0

no auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.1.1

no ip http server

no ip http secure-server

!

ip nat inside source list 1 interface FastEthernet4 overload

!

access-list 1 permit 10.0.0.0 0.0.255.255

!

control-plane

!

line con 0

password 7 094F471A1A0A

logging synchronous

login

no modem enable

line aux 0

password 7 05080F1C2243

logging synchronous

login

line vty 0 4

password 7 05080F1C2243

logging synchronous

login

transport input telnet

!

scheduler max-task-time 5000

end

Please help.

Thanks in advance.

Richard Burts · ‎01-18-2012

Thanks. If it will not allow removal of the ip nat statement then try removing ip nat outside from the Ethernet0/0 interface.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎01-18-2012

Am I correct in understanding that the 871 can ping to the address of the 2610 to which you are attempting telnet? If ping from 871 to that interface is successful and telnet then fails to the same address then the problem is not a routing or IP connectivity issue.

If there is IP connectivity and telnet fails it is much more likely to be an issue in the configuration of the 2610 than it is to be an issue in the 871. Can you provide the configuration of the 2610?

HTH

Rick

HTH

Rick

SpaceRooster · ‎01-18-2012

Yes correct. 871 can ping both 2610s.

Here is the directly connected 2610 config:

Building configuration...

Current configuration : 939 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname O1GW_2610

!

enable secret 5 $1$3tl3$OZbMdGob8IIWRri40oMbI0

!

ip subnet-zero

!

ip name-server 65.183.0.76

!

call rsvp-sync

!

interface Ethernet0/0

description *** TO OFFICE 1 LAN ***

ip address 10.0.0.10 255.255.255.0

ip nat outside

full-duplex

!

interface Serial0/0

description *** LINK TO OFFICE 2 ***

ip address 10.0.10.1 255.255.255.0

ip nat inside

!

router rip

version 2

network 10.0.0.0

no auto-summary

!

ip nat inside source list 1 interface Ethernet0/0 overload

ip classless

ip http server

!

access-list 1 permit 10.0.0.0 0.0.255.255

!

dial-peer cor custom

!

line con 0

password 7 030752180500

logging synchronous

login

line aux 0

password 7 030752180500

logging synchronous

login

line vty 0 4

password 7 030752180500

logging synchronous

login

transport input telnet

!

end

Richard Burts · ‎01-18-2012

So from the 871 ping to 10.0.0.10 works ok but telnet to 10.0.0.10 fails?

As a test would you remove this line from the config of the 2610

ip nat inside source list 1 interface Ethernet0/0 overload

and see if the telnet behavior changes?

HTH

Rick

HTH

Rick

SpaceRooster · ‎01-18-2012

Yes that is correct Rick.

But trying to remove the line: ip nat inside source list 1 interface Ethernet0/0 overload

gives the error: %Dynamic mapping in use, cannot remove

I also tried removing the access-list before but I receive the same error.

Richard Burts · ‎01-18-2012

Thanks. If it will not allow removal of the ip nat statement then try removing ip nat outside from the Ethernet0/0 interface.

HTH

Rick

HTH

Rick

SpaceRooster · ‎01-18-2012

I removed ip nat outside from e0/0 and now its works!!!

Thanks Rick!!!

So the "ip nat outside" statement is only used on the interface on a router going to the internet then? Like the GW router?

Richard Burts · ‎01-18-2012

I am glad that my suggestion helped you to solve your problem. I have seen some situations where nat outside impacted the ability to telnet to a router and this seems to be one. The answer to the question of where do you use ip nat outside has potential to get a bit complex. Basically you use it on the outbound interface of a router where you need to do address translation. The most common of these would certainly be on the interface of a router going to the Internet. But there might be some other situations where you want to do address translation. For example there might be office 1 and office 2 of a company that happen to use the same address range (perhaps as the result of an acquisition or merger) and you would need to do address translation if they need to communicate with each other.

Thank you for using the rating system to mark this question as answered (and thanks for the points). It makes the forum more useful when people can read about a problem and can know that a solution was found. Your marking this question has contributed to that process.

HTH

Rick

HTH

Rick