Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

remote

hello I small problems I Cisco router 800 serials now I remote wants work by means of SSH and telnet now are my question how can you this do?

who can help me

4 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: remote

You should be able to telnet to the router on the WAN/external ip address remotely if telnet is not disabled.

For SSH, you have to generate RSA keypair before you can SSH to the router. Here is the sample configuration for SSH:

http://www.cisco.com/en/US/customer/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Hope that helps.

Cisco Employee

Re: remote

sorry, i don't quite understand what you mean.

Telnet locally works, however, telnet from external is timing out?

Are you getting the password prompt when you try to telnet from external? If not, then there is probably access-list on the interface that blocks telnet, OR/ under "line vty", it's only allowing internal address range.

Cisco Employee

Re: remote

do you have a copy of the router configuration? I can check and let you know what to add/change.

Cisco Employee

Re: remote

I don't understand what you mean.

26 REPLIES
Cisco Employee

Re: remote

You should be able to telnet to the router on the WAN/external ip address remotely if telnet is not disabled.

For SSH, you have to generate RSA keypair before you can SSH to the router. Here is the sample configuration for SSH:

http://www.cisco.com/en/US/customer/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Hope that helps.

New Member

Re: remote

no telnet are not disabled. because is possible inlogen local but externally succeed that because krijg time out must there sometimes something to fit become?

Cisco Employee

Re: remote

sorry, i don't quite understand what you mean.

Telnet locally works, however, telnet from external is timing out?

Are you getting the password prompt when you try to telnet from external? If not, then there is probably access-list on the interface that blocks telnet, OR/ under "line vty", it's only allowing internal address range.

New Member

Re: remote

yes that is correct telnet local works but externally does not work it how can you that access trick make for telnet?

kind regards

Cisco Employee

Re: remote

do you have a copy of the router configuration? I can check and let you know what to add/change.

New Member

Re: remote

yes I have copy of running-config

possible you is something lets know what be adapted there must?

Cisco Employee

Re: remote

OK, base on the configuration, you have ZBFW (Zone Base Firewall) configured. Hence you would need to allow the traffic between out-zone and self-zone.

Here is what you would need to configure to allow telnet access:

class-map type inspect match-any telnet-class
    match protocol telnet


policy-map type inspect ccp-permit
    class type inspect telnet-class
        inspect

Hope that helps.

New Member

Re: remote

yes it works external telnet cordial thanks

do you know sometimes how that with SSH also are possible?

kind regards

Cisco Employee

Re: remote

Sure, for SSH just add this:

class-map type inspect match-any telnet-class
    match protocol ssh

New Member

Re: remote

there does this have still something changes become?

kind regards

Cisco Employee

Re: remote

You would also need to generate the RSA keypair: crypo key generate rsa

You also need to use SSH Client software (eg: Putty, SecureCRT) to SSH to the router.

New Member

Re: remote

those RSA key I have produced and used putty must still something change become?

kind regards

Cisco Employee

Re: remote

Mmmm.. where does it break?

Are you able to telnet on port 22?

Are you prompted for username and password?

Or the connection just hang?

Can you share the latest configuration again pls.

New Member

Re: remote

yes that is no problem this is new running-config

I have telnet geprobeert as from another isp and then work

mvg

Cisco Employee

Re: remote

I didn't see your SSH configuration on the ZBFW.

Please configure the following

class-map type inspect match-all ssh-class
match protocol ssh


policy-map type inspect ccp-permit

     class type inspect telnet-class

          inspect

New Member

Re: remote

on this small file is correct has it done that a little?

kind regards

Cisco Employee

Re: remote

That configuration looks OK. It should work now.

New Member

Re: remote

no it not yet works because if I take another isp I do telnet SSH connection then get I time out?

kind regards

Cisco Employee

Re: remote

not sure what you mean by another ISP?

Can you SSH to it locally?

New Member

Re: remote

I my postages have let check on gateway 22 (SSH) 23 (telnet) and that am closed how you can open that

Cisco Employee

Re: remote

I don't see 2 ISP on your configuration. Your configuration only says gig0 as the external interface.

New Member

Re: remote

I my postages have let check on gateway 22 (SSH) 23 (telnet) and that am closed how you can open that

Cisco Employee

Re: remote

I don't understand what you mean.

New Member

Re: remote

the postage 22 is closed same the postage 23 is closed how is possible you that open putting?

kind regards

New Member

Re: remote

the postage 23 is closed on the router can you the postage open?

kind regards

New Member

Re: remote

the postage 23 is closed on the router can you the postage open?

kind regards

652
Views
0
Helpful
26
Replies
CreatePlease to create content