Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Unable to telnet from outside Cisco 877

Hi,

I am facing an issue with a cisco 877 router. I am not able to telnet to this router from outside using the public IP. I have also notices this works when the Nat is removed.

Config file is attached for reference.

Appreciate if anyone can suggest the solution to it.

Faizal

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Unable to telnet from outside Cisco 877

Hi Faizal,

You don't need to use that route map for the NAT, just use the ACL. In the ACL I can see a permit any that you should not use with NAT(Cisco doesn't recomment using permit any with NAT as it consumes to much resouces). Please specify the range of ip that you want to use NAT. I think that is why you cannot telnet from outside only if you disable NAT.

Please let me know if this worked.

Take care,

PaulC

7 REPLIES
VIP Purple

Re: Unable to telnet from outside Cisco 877

Hi Faizal,

Can you ping it ?

Can you traceroute to it.

Can u telnet from inside?

Do you have a route to get out of your home network?

Try with this:  ip route 0.0.0.0 0.0.0.0

Regards

Please rate if it helps.      

New Member

Unable to telnet from outside Cisco 877

Hi Sandeep,

Yes, I can ping it from outside, I can traceroute to it from outiside and also telnet is working from inside.

There is a default to route to go outside.

Faizal

VIP Purple

Unable to telnet from outside Cisco 877

In your ACL NAT_ACL please  change:

permit ip any any to:

permit ip 192.168.12.0 0.0.0.255 any

and then try??

Regards

Please rate if it helps.

New Member

Unable to telnet from outside Cisco 877

Hi Faizal,

You don't need to use that route map for the NAT, just use the ACL. In the ACL I can see a permit any that you should not use with NAT(Cisco doesn't recomment using permit any with NAT as it consumes to much resouces). Please specify the range of ip that you want to use NAT. I think that is why you cannot telnet from outside only if you disable NAT.

Please let me know if this worked.

Take care,

PaulC

New Member

Unable to telnet from outside Cisco 877

Alessio,

this line:

          ip access-list 101 permit tcp 192.168.12.0 0.0.0.255 host 91.72.59.154 eq 23

is redundant when it follows this line:

          ip access-list 101 permit ip 192.168.12.0 0.0.0.255 host 91.72.59.154

because "permit ip" includes tcp, udp and icmp.

Re: Unable to telnet from outside Cisco 877

ip access-list extended VPN_TRAFFIC

permit ip 192.168.12.0 0.0.0.255 host 91.72.59.154

did you try to add that?

By the way you should do something different:

ip access-list 101 permit ip 192.168.12.0 0.0.0.255 host 91.72.59.154

ip access-list 101 permit tcp      192.168.12.0 0.0.0.255 host 91.72.59.154 eq 23

line vty 0 4

ip access-class 101 in

Let me know

Alessio

New Member

Unable to telnet from outside Cisco 877

Had this same issue. Resolved it by removing the ACL statement

permit ip any any

1669
Views
5
Helpful
7
Replies
CreatePlease to create content