Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Unable to Remote Telnet

I am unable to remote telnet a cisco 1841 series router. Pls help how can I acess it remotely. I can access it on my local LAN

12 REPLIES
Super Bronze

Re: Unable to Remote Telnet

Two common causes for that are either routing isn't correct to/from the router and the device you're using telnet from, or something like an ACL is blocking telnet along the path.

For the former, with regard to correct routing, can you ping the router from your remote telnet host? From the router, can you ping your remote telnet host?

New Member

Re: Unable to Remote Telnet

Dear Sir,

The routing is configured properly as below

iproute 0.0.0.0 124.124.42.105

iproute 172.16.1.0 255.255.255.0 172.22.26.1

ip route192.168.0.0 255.255.255.0 172.22.26.1

ip route192.168.16.0 255.255.255.0 172.22.26.1

where we have allowed traffic from mentioned IPs to be diverted to out another router which we are using for VPN. and 124.124.42.105 is our internet gateway and this we have defined for accessing both VPN and internet on the same LAN IP.

And we have not defined any ACL. this is permit any any.

Pls let us know why we are not able to remote telnet our router. we get ping reply from this remotely and vice versa.

Regards

PRavin Mehra

have configured

Hall of Fame Super Gold

Re: Unable to Remote Telnet

Pravin

As Joseph suggests, if you can not telnet to the router from a remote location there generally are 2 types of problems that cause this symptom: either there is a routing problem or the telnet traffic is denied somewhere.

If you are sure that routing is ok, and especially if you can ping the router address from the remote location then we can believe that it is not a routing issue. (are you telnetting to the exact same address that you can ping?)

Some routers (especially those set up by SDM) will allow local telnet but not remote telnet. If you would post the entire router config then we would be able to see whether this is the case on your router.

HTH

Rick

Super Bronze

Re: Unable to Remote Telnet

Rick, I wasn't aware of the SDM issue. What does it do, configure an ACL attached to the VTY for local interface subnets only?

Hall of Fame Super Gold

Re: Unable to Remote Telnet

Joseph

Yes. I have seen a number of router configs that were generated by SDM that have an access list which has permits for only the local subnet(s) and is applied as access-class in on the vty.

HTH

Rick

Super Bronze

Re: Unable to Remote Telnet

Rick,

Thank you. (I have never used SDM to actually configure a router, although I've reviewed its for security and other template suggestions.)

New Member

Re: Unable to Remote Telnet

DEar Sir,

This router was configured manually not through SDM.we also are unable to understand what could be the issue.

Regards

Pravin Mehra

New Member

Re: Unable to Remote Telnet

can we have your e-mail id so that we could send you the entire screen shots of router configuration.

Regards

Pravin Mehra

Hall of Fame Super Gold

Re: Unable to Remote Telnet

Pravin has communicated the config to me privately and I believe that I have identified the problem. Pravin is using NAT (actually PAT) on the outside interface. The NAT statement uses access-list 101 and access-list 101 has a single statement which is permit ip any any. I believe that the problem is the use of any any in the access list. This prevents remote telnet.

Pravin

I suggest that you can fix this problem by changing the access list and eliminating the any any. My suggestion would be to change to a standard (rather then extended) access list and permit your network source addresses. You would need at least:

access-list 50 permit 172.22.26.0 0.0.0.255

and from the static routes I suspect that you might also need:

access-list 50 permit 172.16.1.0 0.0.0.255

access-list 50 permit 192.168.0.0 0.0.0.255

access-list 50 permit 192.168.16.0 0.0.0.255

Give this a try and let us know if it fixes the problem.

HTH

Rick

Blue

Re: Unable to Remote Telnet

Hi, Rick:

How would the 'any any' prevent remote telnet?

Thanks

Victor

Hall of Fame Super Gold

Re: Unable to Remote Telnet

Victor

That is an excellent question. Unfortunately I do not have an equally excellent answer.

I was told about this behavior without being given an explanation. I tested and verified the behavior and find that any any did prevent remote telnet. So I suggest this solution (and believe that it will work) without being able to explain it well.

HTH

Rick

Blue

Re: Unable to Remote Telnet

Fair enough. :-)

Thanks

Victor

294
Views
0
Helpful
12
Replies
CreatePlease to create content