2511 Access Router 1

[kindian]

I have set up a Cisco 2511 Access server to telnet into my home lab. I can telnet to the 2511 from any computer in the house and then connect to the other routers/switches from there. The problem I have is that I cannot telnet into the 2511 through the internet.

This would be a very nice option since I travel 95% of the time.

My home router is an Apple Airpot Extreme and I have set the 2511 in the DMZ. Still the connection times out.

I can post the startup-config later, when I get home, if needed. I am at work at the moment.

Any help would be appreciated.

Thank you in advance.

 

[kindian]

Here is the configuration of the 2511


Access#show run
Building configuration...

Current configuration : 1443 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Access
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$6aCJ$E9vWQN67f/iI5EiT2wesm5.
!
no aaa new-model
ip subnet-zero
no ip domain lookup
ip host Frame 2006 100.1.1.1
ip host r1 2001 100.1.1.1
ip host r2 2002 100.1.1.1
ip host r3 2003 100.1.1.1
ip host sw1 2004 100.1.1.1
ip host sw2 2005 100.1.1.1
!
username john privilege 15 secret 5 $1$KdJU$K3zsVDdPCkfUwByVN1m0M1
username bill privilege 15 secret 5 $1$MJZD$83w0bzCtB.82wTs5QLZbl0/
!
!
!
interface Loopback0
ip address 100.1.1.1 255.255.255.255
no ip route-cache
!
interface Ethernet0
ip address 192.168.1.100 255.255.255.0
no ip route-cache
!
interface Serial0
no ip address
no ip route-cache
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip route-cache
shutdown
no fair-queue
!
ip default-gateway 192.168.1.1
ip http server
ip http authentication local
ip classless
!
!
no cdp run
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line 1 16
transport input all
speed 115200
line aux 0
transport input all
line vty 0
exec-timeout 0 0
logging synchronous
login local
rotary 99
transport input telnet
line vty 1
exec-timeout 0 0
logging synchronous
login local
rotary 23
transport input telnet
line vty 2 4
exec-timeout 0 0
logging synchronous
login local
transport input all
!
end

Access#

 

[Minue]

Hello
First you will need a public static IP or have a dynamic that has a long least.
Then you will need to map it to the private address of the 2511.
Regards

 

[burtsbees]

You can RDC into your home computer and from there telnet into your 2511.

Burt

 

[kindian]

I have a dynamic address with a long lease, but I also have software running at home that emails me when my IP address changes.


I have the private address set in the DMZ. I have also forwarded ports 3099 and 3023 to the private address of the 2511. I am using these ports because I am not sure if my ISP is blocking port 23.

 

[burtsbees]

That's a bad idea---try 22 and this in the 2511
line vty 0 4
transport input ssh

Going across the internet in clear text is never a good idea...

Burt

 

[kindian]

No ssh on the ios I have installed. So, not an option. Telnet should be fine as it only gives access to my lab.

her is the show version

Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(20), RELEASE SOFTWARE (fc2)
Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Tue 08-Aug-06 23:30 by kesnyder
Image text-base: 0x0307DF0C, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTLDR: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

Simmons uptime is 54 minutes
System returned to ROM by power-on
System image file is "flash:c2500-is-l.123-20.bin"

cisco 2511 (68030) processor (revision L) with 14336K/2048K bytes of memory.
Processor board ID 03002167, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
16 terminal line(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

 

[burtsbees]

You're accessing it from over the internet! Not good! Name and password for the router are sent in clear text across the Great Divide!

Burt

 

[kindian]

I realize that the name and password are sent in clear text. This is not a problem since the router is only on when I turn it on remotely. I have an ethernet power controller. This way I can turn on all the routers when away from home, only problem is I cannot telnet OR ssh into the access router. I would love to use ssh, but the IOS installed on the router does not support it, and I really don't wish to waste the money on a newer model router. Not for home lab that no one has access to unless I have it powered on.

 

[burtsbees]

This is not a problem since the router is only on when I turn it on remotely."
No! If you telnet remotely, and some device port-forwards the request to the Cisco, you're still in a telnet session!

Burt

 

[ravy2008]

Hello,

Could someone help me with setting up my 2511 which is set up in the basement and connected to 2 x 3550 and 2 x 3560 to be able to telnet into it from upstairs where my main computer and internet connection is located. I have a windows XP computer downstairs connected wirelessly and as I said I would like to telnet from upstairs somehow to my 2511 downstairs and be able to do exactly as if I was 'consoled' in.

Thanks,
Ravy

 

[burtsbees]

Dude---that link is...nevermind.

RDC From upstairs into the downstairs computer. I am assuming you have a console cable hooked to the downstairs computer, right?
Wanna sell one of those 3560's by chance?

Burt