03-28-2006 05:12 AM - edited 03-03-2019 12:12 PM
I am able to remote telnet to a 804 ISDN router provided I telnet from a workstation that is also in the same ISP domain as the router. I'm using NoIP DSN for translating the 192.x.x.x IP address of the router to a host name. When outside my ISP domain, the connection fails. What have I overlooked to make telnet work from anywhere?
03-28-2006 05:15 AM
Hi,
You must have configured an access-list (access-class) on the vty lines that restricts access to certain IP addresses only. The config usually appears as:
line vty 0 5
access-class
Have a look at the ACL to see what addresses you have permitted and open it up for the other addresses that you are coming in from.
Hope that helps - pls rate the post if it does.
Paresh
03-28-2006 08:11 PM
No ACL on VTY lines. Here is the access-lists and VTY line capture portion of my running-config (couple of redundant entries, I know):
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 deny ip any host 255.255.255.255
access-list 100 deny ip any 224.0.0.0 15.255.255.255
access-list 100 deny tcp any eq 135 any
access-list 100 deny tcp any eq 139 any
access-list 100 deny udp any eq netbios-dgm any
access-list 100 deny udp any eq netbios-ns any
access-list 100 deny udp any eq netbios-ss any
access-list 100 permit ip any any
access-list 110 deny icmp any any echo
access-list 110 deny tcp any any range ftp 22
access-list 110 deny tcp any any eq smtp
access-list 110 deny tcp any any range 50 51
access-list 110 deny tcp any any eq domain
access-list 110 deny tcp any any range www 81
access-list 110 deny tcp any any eq pop3
access-list 110 deny tcp any any eq ident
access-list 110 deny tcp any any eq 143
access-list 110 deny tcp any any eq 259
access-list 110 deny tcp any any eq 389
access-list 110 deny tcp any any eq 443
access-list 110 deny tcp any any eq 449
access-list 110 deny tcp any any eq 500
access-list 110 deny tcp any any eq 522
access-list 110 deny tcp any any range 1053 1055
access-list 110 deny tcp any any eq 1720
access-list 110 deny tcp any any eq 5000
access-list 110 permit ip any any
dialer-list 1 protocol ip list 100
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
password xxxx
login
!
!
end
03-28-2006 08:17 PM
Just a query .. I take it that you are using a public Internet address to get to the router. Is that correct ?
Paresh
03-29-2006 10:41 AM
Yes. Attached is a Tracert that indicates my ISP is dropping my Telnet request as if I have the ability blocked at my router. Again, I can Telnet from behind the router, and if I am in the Fidnet domain (my ISP as indicated by Tracert) I can Telnet the router. I appreciate you taking a look at this, as I am a Sales Engineer and it takes me time to sit down and study this, and even longer sometimes, to figure out the problem. I don't "adminster networks" day to day.
1 22 ms 5 ms 4 ms 12-216-224-193.client.mchsi.com [12.216.224.193]
2 33 ms 23 ms 17 ms 10.16.224.1
3 41 ms 19 ms 24 ms 12-215-8-1.client.mchsi.com [12.215.8.1]
4 33 ms 23 ms 21 ms 12-215-4-26.client.mchsi.com [12.215.4.26]
5 37 ms 33 ms 30 ms tbr2-p012001.cgcil.ip.att.net [12.123.4.230]
6 42 ms 37 ms 22 ms gbr7-ge20.cgcil.ip.att.net [12.123.6.25]
7 77 ms 56 ms 58 ms 72.ATM1-0.BR3.DFW9.ALTER.NET [204.255.174.9]
8 56 ms 56 ms 55 ms 0.so-2-1-0.XL1.CHI2.ALTER.NET [152.63.71.93]
9 67 ms 59 ms 44 ms 0.so-3-0-0.XL1.STL3.ALTER.NET [152.63.88.242]
10 61 ms 44 ms 49 ms 185.ATM7-0.GW7.STL3.ALTER.NET [152.63.65.241]
11 76 ms 58 ms 67 ms fidnet-OC3.customer.alter.net [157.130.172.222]
12 44 ms 40 ms 53 ms SLLV-Core1-ATM3-0.3.fidnet.com [216.229.64.249]
13 65 ms 44 ms 40 ms SLLV-APEX.fidnet.com [216.229.64.194]
14 64-251-140-55-dialup-mo.fidnet.com [64.251.140.55] reports: Destination ne
t unreachable.
Trace complete.
03-29-2006 11:25 AM
You need to open up a trouble ticket with your ISP for the routing issue. The last hop on your ISP NET where the traceroute stops doesn't know how to get your site.
I am sure you probably would be taking a different route to get to your site when the source is connected to the same ISP.
HTH,
Sundar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: