03-24-2008 03:46 AM - edited 03-03-2019 09:14 PM
Hi,
I just configured the cisco 1841 router.
config is something like this.
router(config)#
!
interface ethernet0/0
ip address 203.x.x.x/30
ip nat outside
exit
!
interface ethernet0/1
ip address 192.168.1.1/24
ip nat inside
exit
!
access-list 101 permit ip any any
!
ip nat inside source list 101 interface Serial0/0 overload
exit
ip name server 202.56.215.6 202.56.230.6
copy running-config startup-config
I want to access router from internet for configuration.
created line vty 0 4 with password.
But not able to telent on telnet 203.x.x.x.
Kindly suggest what i am missing.
Reg,
Sushil
03-24-2008 03:56 AM
Hi Susil, you can check the âline vty 0 4â is configured as bellow?
#line vty 0 4
privilege level 15 (with this argument enable secret will not required)
password 7 XXXXXXXX (password to access the vty 0 4)
login (enable the login)
transport input telnet ssh (optional/ argument for SSH/telnet login)
transport output telnet ssh (optional/ argument for SSH/telnet login)
Thanks
Goutam
03-24-2008 04:23 AM
Sushil
You provide an incomplete description of configuring the router. I do not see any default route in what you posted. It is not clear whether it is configured and just not shown or if it is not configured.
You do not tell us whether the router is connected and working. Can you clarify whether the router has connectivity to the Internet? Does a PC connected on the inside interface access Internet resources ok? Can the router ping addresses in the Internet. Can you ping the router from the address that you are attempting telnet from?
HTH
Rick
03-24-2008 04:39 AM
Hi,
you cannot telenet from outside because you ACL 101 is "any any". That doesn't work in current IOS.
Change ACL to be
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
And you will be able to.
Hope this helps, please rate post if it does!
03-24-2008 04:50 AM
Paolo
You raise the issue of the access list to use with NAT. I had noted the permit ip any any as an issue, especially for PCs connected on the inside. But since the question is about telnet to the router from outside, will the packets be directly to and from the router and will they not be using the outside (public) address? In which case I am not sure that address translation is the issue.
I do agree that your suggested change is good. But I am not sure that it addresses the original question.
HTH
Rick
03-24-2008 04:56 AM
Hi Rick,
That is a know issue, promised :)
The symptoms are exactly these, everything works, you can even ping from outside to router public if, but cannot telnet into it.
Search the forum for previous cases, or try yourself when you have a chance. Bottom line, never use "any any" for NAT.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide