The problem is I can't access the router from the internet. I am also an ocean away from the site. I have an ugly hack set up where I access an inside PC with TeamViewer and then PuTTY to the router, but it is slow, ugly, and doesn't fix my problem. I need to be able to set up internet-accessible servers at this location for VOIP, VPN, and REAL remote access.
Everything else works fine. Connection is stable. Speed is kinda shitty, but that's not so important.
First off some specs:
- Cisco 2801
- c2801-ipvoicek9-mz.124-24.T1.bin
- hwic-3g-cdma-s
- Sprint 3G data plan
Ok, I have set up the previous equipment as a router for a branch office where 3G access is the only available internet access.
I have had the excruciating experience of talking with Sprint Tech Support, and would rather shoot myself in the foot than do so again.
Here is what they told me: "They block ports, but they can't tell me which ones."
Here is relevant info I have been able to gather.
- The IP connection the ISP gives us is not NATTED. That is the address at wimi.com and show int dialer 0 is the same one.
- Most forums say Sprint only blocks port 80.
- Zenmap (Nmap for Windows) says the router has NO open ports but DOES exist.
- Router does not respond to pings
- Can't SSH into router from internet
- Can't access a test local server with port 8080 or 8081 open with the correct nat statement in Cisco router
- No filtering access-list for testing
The config should be just fine as a base config for using hwic-3g-cdma-s as the main internet access interface for a router. Everything works fine aside from the lack of remote access.
So in my head it has to be one of 3 problems.
1. The card is doing some weird stuff to incoming requests
2. Sprint is blocking WAN requests on port 22, 2200, 8080, and 8081 and pings (tested). Maybe they block all WAN requests?
3. There is something wrong with my config.
Any suggestions as to why I can't remote access into my router or things to try with the config?
Thank you in advance for your help
-Vittorio
Below are some config pastes:
```
chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
!
ip ssh authentication-retries 2
ip ssh port 2200 rotary 1
ip ssh version 2
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 full-duplex
 no cdp enable
 no mop enabled
!
interface Cellular0/3/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 dialer-group 1
 async mode interactive
!
interface Dialer0
 ip ddns update hostname DYNDNSHOSTNAME
 ip ddns update dyndns
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0 either
 dialer string cdma
 dialer persistent delay 5
 dialer persistent max-attempts 5
 dialer-group 1
 no cdp enable
 ppp chap password 7 WOOGYBOOGY
 ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.30.103 8081 interface Dialer0 8081
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
no cdp run
!
line 0/3/0
 script dialer cdma
 login local
 rotary 1
 no exec
 transport input ssh
 rxspeed 3100000
 txspeed 1800000
line vty 0 4
 password 7 02565D58030F01264340
 logging synchronous
 login local
 rotary 1
 transport input ssh
!
```
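
Added example (not part of the original post, and not the poster's code): a small Python audit of a config shaped like the one pasted above. It lists what the router itself would accept from the internet if the carrier passed inbound traffic: the SSH rotary binding, vty lines without an `access-class`, type 7 strings in a shared paste, and static NAT forwards. The sample config is a constructed excerpt with placeholder secrets, and the function names and finding codes are made up for this example.

```python
import re

# Constructed excerpt modelled on the posted config; secrets are placeholders.
SAMPLE = """\
ip ssh port 2200 rotary 1
interface Dialer0
 ip nat outside
 ppp chap password 7 PLACEHOLDER
ip nat inside source static tcp 192.168.30.103 8081 interface Dialer0 8081
line vty 0 4
 password 7 PLACEHOLDER
 rotary 1
 transport input ssh
"""

def parse_sections(text):
    """Group indented sub-commands under their parent line; '' holds global lines."""
    sections, current = {"": []}, ""
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace():
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
            sections[""].append(current)
    return sections

def audit(text):
    """Return (code, detail) findings. Assumes no interface ACL filters inbound traffic."""
    sec, out = parse_sections(text), []
    vtys = {k: v for k, v in sec.items() if k.startswith("line vty")}
    for m in re.finditer(r"^ip ssh port (\d+) rotary (\d+)", text, re.M):
        port, rot = m.groups()
        if not any(f"rotary {rot}" in v for v in vtys.values()):
            out.append(("ROTARY_UNBOUND", f"port {port}: no vty in rotary {rot}"))
    for name, cmds in vtys.items():
        if "transport input ssh" in cmds and not any(c.startswith("access-class") for c in cmds):
            out.append(("VTY_NO_ACL", f"{name}: SSH accepted from any source"))
    for name, cmds in sec.items():
        if any(re.search(r"\bpassword 7 \S+", c) for c in cmds):
            out.append(("TYPE7", f"{name or 'global'}: reversible type 7 string in shared config"))
    for m in re.finditer(r"^ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)", text, re.M):
        host, iport, ifc, oport = m.groups()
        if "ip nat outside" not in sec.get(f"interface {ifc}", []):
            out.append(("NAT_NO_OUTSIDE", f"{ifc} lacks 'ip nat outside'"))
        out.append(("FORWARD", f"{ifc}:{oport} -> {host}:{iport}"))
    return out
```

A clean run of this audit says nothing about whether the carrier drops inbound connections; it only shows what the router would expose once they arrive.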