03-28-2006 05:12 AM - edited 03-03-2019 12:12 PM
I am able to remote telnet to a 804 ISDN router provided I telnet from a workstation that is also in the same ISP domain as the router. I'm using NoIP DSN for translating the 192.x.x.x IP address of the router to a host name. When outside my ISP domain, the connection fails. What have I overlooked to make telnet work from anywhere?
03-28-2006 05:15 AM
Hi,
You must have configured an access-list (access-class) on the vty lines that restricts access to certain IP addresses only. The config usually appears as:
line vty 0 5
access-class
Have a look at the ACL to see what addresses you have permitted and open it up for the other addresses that you are coming in from.
Hope that helps - pls rate the post if it does.
Paresh
03-28-2006 08:11 PM
No ACL on VTY lines. Here is the access-lists and VTY line capture portion of my running-config (couple of redundant entries, I know):
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny ip any host 255.255.255.255
access-list 100 deny ip any 224.0.0.0 15.255.255.255
access-list 100 deny tcp any eq 135 any
access-list 100 deny tcp any eq 139 any
access-list 100 deny udp any eq netbios-dgm any
access-list 100 deny udp any eq netbios-ns any
access-list 100 deny udp any eq netbios-ss any
access-list 100 permit ip any any
access-list 110 deny icmp any any echo
access-list 110 deny tcp any any range ftp 22
access-list 110 deny tcp any any eq smtp
access-list 110 deny tcp any any range 50 51
access-list 110 deny tcp any any eq domain
access-list 110 deny tcp any any range www 81
access-list 110 deny tcp any any eq pop3
access-list 110 deny tcp any any eq ident
access-list 110 deny tcp any any eq 143
access-list 110 deny tcp any any eq 259
access-list 110 deny tcp any any eq 389
access-list 110 deny tcp any any eq 443
access-list 110 deny tcp any any eq 449
access-list 110 deny tcp any any eq 500
access-list 110 deny tcp any any eq 522
access-list 110 deny tcp any any range 1053 1055
access-list 110 deny tcp any any eq 1720
access-list 110 deny tcp any any eq 5000
access-list 110 permit ip any any
dialer-list 1 protocol ip list 100
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
password xxxx
login
!
!
end
03-28-2006 08:17 PM
Just a query .. I take it that you are using a public Internet address to get to the router. Is that correct ?
Paresh
03-29-2006 10:41 AM
Yes. Attached is a Tracert that indicates my ISP is dropping my Telnet request as if I have the ability blocked at my router. Again, I can Telnet from behind the router, and if I am in the Fidnet domain (my ISP as indicated by Tracert) I can Telnet the router. I appreciate you taking a look at this, as I am a Sales Engineer and it takes me time to sit down and study this, and even longer sometimes, to figure out the problem. I don't "adminster networks" day to day.
1 22 ms 5 ms 4 ms 12-216-224-193.client.mchsi.com [12.216.224.193]
2 33 ms 23 ms 17 ms 10.16.224.1
3 41 ms 19 ms 24 ms 12-215-8-1.client.mchsi.com [12.215.8.1]
4 33 ms 23 ms 21 ms 12-215-4-26.client.mchsi.com [12.215.4.26]
5 37 ms 33 ms 30 ms tbr2-p012001.cgcil.ip.att.net [12.123.4.230]
6 42 ms 37 ms 22 ms gbr7-ge20.cgcil.ip.att.net [12.123.6.25]
7 77 ms 56 ms 58 ms 72.ATM1-0.BR3.DFW9.ALTER.NET [204.255.174.9]
8 56 ms 56 ms 55 ms 0.so-2-1-0.XL1.CHI2.ALTER.NET [152.63.71.93]
9 67 ms 59 ms 44 ms 0.so-3-0-0.XL1.STL3.ALTER.NET [152.63.88.242]
10 61 ms 44 ms 49 ms 185.ATM7-0.GW7.STL3.ALTER.NET [152.63.65.241]
11 76 ms 58 ms 67 ms fidnet-OC3.customer.alter.net [157.130.172.222]
12 44 ms 40 ms 53 ms SLLV-Core1-ATM3-0.3.fidnet.com [216.229.64.249]
13 65 ms 44 ms 40 ms SLLV-APEX.fidnet.com [216.229.64.194]
14 64-251-140-55-dialup-mo.fidnet.com [64.251.140.55] reports: Destination ne
t unreachable.
Trace complete.
03-29-2006 11:25 AM
You need to open up a trouble ticket with your ISP for the routing issue. The last hop on your ISP NET where the traceroute stops doesn't know how to get your site.
I am sure you probably would be taking a different route to get to your site when the source is connected to the same ISP.
HTH,
Sundar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide