
Remote Telnet Problem to Router

rlr685rlr

I am able to remote telnet to an 804 ISDN router provided I telnet from a workstation that is also in the same ISP domain as the router. I'm using NoIP DNS for translating the 192.x.x.x IP address of the router to a host name. When outside my ISP domain, the connection fails. What have I overlooked to make telnet work from anywhere?


pkhatri

Hi,

You must have configured an access-list (access-class) on the vty lines that restricts access to certain IP addresses only. The config usually appears as:

line vty 0 5

access-class in

Have a look at the ACL to see what addresses you have permitted and open it up for the other addresses that you are coming in from.

Hope that helps - pls rate the post if it does.

Paresh

No ACL on VTY lines. Here are the access-lists and VTY line capture portion of my running-config (couple of redundant entries, I know):

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 100 deny ip any host 255.255.255.255

access-list 100 deny ip any 224.0.0.0 15.255.255.255

access-list 100 deny tcp any eq 135 any

access-list 100 deny tcp any eq 139 any

access-list 100 deny udp any eq netbios-dgm any

access-list 100 deny udp any eq netbios-ns any

access-list 100 deny udp any eq netbios-ss any

access-list 100 permit ip any any

access-list 110 deny icmp any any echo

access-list 110 deny tcp any any range ftp 22

access-list 110 deny tcp any any eq smtp

access-list 110 deny tcp any any range 50 51

access-list 110 deny tcp any any eq domain

access-list 110 deny tcp any any range www 81

access-list 110 deny tcp any any eq pop3

access-list 110 deny tcp any any eq ident

access-list 110 deny tcp any any eq 143

access-list 110 deny tcp any any eq 259

access-list 110 deny tcp any any eq 389

access-list 110 deny tcp any any eq 443

access-list 110 deny tcp any any eq 449

access-list 110 deny tcp any any eq 500

access-list 110 deny tcp any any eq 522

access-list 110 deny tcp any any range 1053 1055

access-list 110 deny tcp any any eq 1720

access-list 110 deny tcp any any eq 5000

access-list 110 permit ip any any

dialer-list 1 protocol ip list 100

!

line con 0

logging synchronous

stopbits 1

line vty 0 4

password xxxx

login

!

!

end
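The following Python check is an added example, not part of any poster's message: it runs a packet through ACL 100 and ACL 110 exactly as posted, using first-match evaluation, to see which entry an inbound telnet session would hit. The function names and the test addresses (documentation-range values) are constructed for illustration, and the page does not show which interface ACL 110 is applied to.

```python
from ipaddress import IPv4Address as IP

# IOS port keywords that appear in the posted ACLs.
PORTS = {"ftp": 21, "smtp": 25, "domain": 53, "www": 80, "pop3": 110, "ident": 113,
         "netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}
# Entries copied from the running-config in the post; ';' separates the original lines.
ACL_100 = ("deny ip any host 255.255.255.255; deny ip any 224.0.0.0 15.255.255.255; "
           "deny tcp any eq 135 any; deny tcp any eq 139 any; deny udp any eq netbios-dgm any; "
           "deny udp any eq netbios-ns any; deny udp any eq netbios-ss any; permit ip any any")
ACL_110 = ("deny icmp any any echo; deny tcp any any range ftp 22; deny tcp any any eq smtp; "
           "deny tcp any any range 50 51; deny tcp any any eq domain; deny tcp any any range www 81; "
           "deny tcp any any eq pop3; deny tcp any any eq ident; deny tcp any any eq 143; "
           "deny tcp any any eq 259; deny tcp any any eq 389; deny tcp any any eq 443; "
           "deny tcp any any eq 449; deny tcp any any eq 500; deny tcp any any eq 522; "
           "deny tcp any any range 1053 1055; deny tcp any any eq 1720; deny tcp any any eq 5000; permit ip any any")

def _addr(toks):
    """Consume 'any', 'host A' or 'A wildcard'; return (base, wildcard) as integers."""
    t = toks.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (int(IP(toks.pop(0))), 0) if t == "host" else (int(IP(t)), int(IP(toks.pop(0))))

def _ports(toks, proto):
    """Consume an optional 'eq P' or 'range A B' on tcp/udp entries; return (low, high)."""
    if proto not in ("tcp", "udp") or not toks or toks[0] not in ("eq", "range"):
        return 0, 65535
    n = 1 if toks.pop(0) == "eq" else 2
    vals = [PORTS[t] if t in PORTS else int(t) for t in (toks.pop(0) for _ in range(n))]
    return vals[0], vals[-1]

def parse(acl):
    rules = []
    for entry in acl.split(";"):
        toks = entry.split()
        action, proto = toks.pop(0), toks.pop(0)
        src, sport = _addr(toks), _ports(toks, proto)
        dst, dport = _addr(toks), _ports(toks, proto)
        rules.append((entry.strip(), action, proto, src, sport, dst, dport))  # ICMP type ignored
    return rules

def first_match(rules, proto, src, sport, dst, dport):
    """Return (action, entry) for the first entry the packet matches, as IOS evaluates ACLs."""
    s, d = int(IP(src)), int(IP(dst))
    for text, action, rproto, (sb, sw), (slo, shi), (db, dw), (dlo, dhi) in rules:
        if (rproto in ("ip", proto) and not (s ^ sb) & ~sw and not (d ^ db) & ~dw
                and slo <= sport <= shi and dlo <= dport <= dhi):
            return action, text
    return "deny", "implicit deny"
```

Calling `first_match(parse(ACL_110), "tcp", "203.0.113.10", 40000, "198.51.100.1", 23)` returns the final `permit ip any any` entry, since the `range ftp 22` entry covers ports 21 and 22 only.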

Just a query... I take it that you are using a public Internet address to get to the router. Is that correct?

Paresh

Yes. Attached is a Tracert that indicates my ISP is dropping my Telnet request as if I have the ability blocked at my router. Again, I can Telnet from behind the router, and if I am in the Fidnet domain (my ISP as indicated by Tracert) I can Telnet the router. I appreciate you taking a look at this, as I am a Sales Engineer and it takes me time to sit down and study this, and even longer sometimes, to figure out the problem. I don't "administer networks" day to day.

1 22 ms 5 ms 4 ms 12-216-224-193.client.mchsi.com [12.216.224.193]

2 33 ms 23 ms 17 ms 10.16.224.1

3 41 ms 19 ms 24 ms 12-215-8-1.client.mchsi.com [12.215.8.1]

4 33 ms 23 ms 21 ms 12-215-4-26.client.mchsi.com [12.215.4.26]

5 37 ms 33 ms 30 ms tbr2-p012001.cgcil.ip.att.net [12.123.4.230]

6 42 ms 37 ms 22 ms gbr7-ge20.cgcil.ip.att.net [12.123.6.25]

7 77 ms 56 ms 58 ms 72.ATM1-0.BR3.DFW9.ALTER.NET [204.255.174.9]

8 56 ms 56 ms 55 ms 0.so-2-1-0.XL1.CHI2.ALTER.NET [152.63.71.93]

9 67 ms 59 ms 44 ms 0.so-3-0-0.XL1.STL3.ALTER.NET [152.63.88.242]

10 61 ms 44 ms 49 ms 185.ATM7-0.GW7.STL3.ALTER.NET [152.63.65.241]

11 76 ms 58 ms 67 ms fidnet-OC3.customer.alter.net [157.130.172.222]

12 44 ms 40 ms 53 ms SLLV-Core1-ATM3-0.3.fidnet.com [216.229.64.249]

13 65 ms 44 ms 40 ms SLLV-APEX.fidnet.com [216.229.64.194]

14 64-251-140-55-dialup-mo.fidnet.com [64.251.140.55] reports: Destination net unreachable.

Trace complete.

You need to open up a trouble ticket with your ISP for the routing issue. The last hop on your ISP NET where the traceroute stops doesn't know how to get to your site.

I am sure you probably would be taking a different route to get to your site when the source is connected to the same ISP.

HTH,

Sundar
