Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Client connectivity with IOS Router

I using Cisco VPN Client 3.0.4. I have a good tunnel established and can connect and browse,connect, telnet to anything on my network fine. So, I believe I have my routing, natting etc correct.

I however am not able to telnet to the router that my tunnel is established with. On the pix you can do this by using the management interface command.

Anyone run into this and have a solution


Hall of Fame Super Silver

Re: VPN Client connectivity with IOS Router


I do not know yet exactly what your issue is, but here are some thoughts and suggestions to help solve it.

First I would like to verify that telnet to the router works if you are on the inside of the network. I have seen routers configured to use SSH for remote access which would refuse telnet access. I kind of doubt that this is the issue. But since we do not know your environment, this is the first question that I would ask.

You say that you establish the tunnel and can browse etc to things on the network. Can you verify that you can ping to the address on the router that you are attempting to telnet to? This will establish that the problem is not basic IP connectivity issues.

Assuming that the ping is successful, the next thing that I would suggest checking is whether the router allows incoming telnet on the VPN connection. Look at any access lists used to filter traffic on the inbound interface and at the access list used to define the VPN traffic and make sure that any of these lists would not prevent your telnet traffic.

If you find no issue of access lists filtering out your telnet, the next thing that I would check is whether the router has restrictions on who may telnet to it. This would be with an access-class configured under the vty ports. Check to see if the router has an access-class configured on its vty ports. And if it does look to see if your address is permitted in the access list that the access-class points to.