Can ping ... cannot telnet

Status
Not open for further replies.

superduperlopez

Technical User
Mar 21, 2006
32
GB
Hi, I am having the following problem with a Cisco Router....

I can ping the router from my office but cannot telnet to it. That is, I cannot telnet to the interface that connects to the Internet.

However, I can telnet to the router on the interface that connects to the LAN

Any ideas why??

Enable secret is configured...so it is the login password in the vty lines. I have also applied a permit ip any any to the interface. which I have applied to the lines and the interface...

I am trying to sort this out but the configuration wasn't put by me in the first place. The guy who did it also used this

aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa session-id common

could this be causing the problem???

thank you
 
No, I believe there is no firewall on the client's side.
There is one in our side but we can telnet to other clients so that shouldn't be the problem??
 
Here is the FULL configuration......I hope it helps....as I said I didn't do it in the first place but I am now trying to solve this telnet problem........thank you for any help

Current configuration : 28942 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TEST
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5
!
username TEST1 privilege 15 view root secret 5
username TEST2 privilege 15 password 7
username TEST3 privilege 15 password 7
username TEST4 privilege 7 password 7
no network-clock-participate aim 0
no network-clock-participate aim 1
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
ip ips po max-events 100
no ip bootp server
ip domain name TEST.co.uk
ip name-server 211.11.1.111
ip ssh time-out 60
ip ssh authentication-retries 2
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
no ftp-server write-enable
!
!
!
!
!
class-map match-all class129
match access-group 129
class-map match-all class138
match access-group 138
class-map match-all class128
match access-group 128
class-map match-all class109
match access-group 109
class-map match-all class118
match access-group 118
class-map match-all class108
match access-group 108
class-map match-all class119
match access-group 119
class-map match-all class107
match access-group 107
class-map match-all class116
match access-group 116
class-map match-all class125
match access-group 125
class-map match-all class134
match access-group 134
class-map match-all class106
match access-group 106
class-map match-all class117
match access-group 117
class-map match-all class124
match access-group 124
class-map match-all class135
match access-group 135
class-map match-all class105
match access-group 105
class-map match-all class114
match access-group 114
class-map match-all class127
match access-group 127
class-map match-all class136
match access-group 136
class-map match-all class104
match access-group 104
class-map match-all class115
match access-group 115
class-map match-all class126
match access-group 126
class-map match-all class137
match access-group 137
class-map match-all class103
match access-group 103
class-map match-all class112
match access-group 112
class-map match-all class121
match access-group 121
class-map match-all class130
match access-group 130
class-map match-all class102
match access-group 102
class-map match-all class113
match access-group 113
class-map match-all class120
match access-group 120
class-map match-all class131
match access-group 131
class-map match-all class101
match access-group 101
class-map match-all class110
match access-group 110
class-map match-all class123
match access-group 123
class-map match-all class132
match access-group 132
class-map match-all class100
match access-group 100
class-map match-all class111
match access-group 111
class-map match-all class122
match access-group 122
class-map match-all class133
match access-group 133
!
!
policy-map policing
class class100
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class101
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class102
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class103
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class104
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class105
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class106
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class107
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class108
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class109
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class110
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class111
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class112
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class113
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class114
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class115
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class116
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class117
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class118
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class119
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class120
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class121
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class122
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class123
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class124
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class125
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class126
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class127
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class128
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class129
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class130
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class131
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class132
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class133
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class134
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class135
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class136
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class137
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
class class138
police cir 1048500 bc 56000 be 56000
conform-action transmit
exceed-action set-dscp-transmit cs3
violate-action drop
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.96.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.101
encapsulation dot1Q 101
ip address 192.168.101.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.102
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.103
encapsulation dot1Q 103
ip address 192.168.103.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.104
encapsulation dot1Q 104
ip address 192.168.104.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.105
encapsulation dot1Q 105
ip address 192.168.105.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.106
encapsulation dot1Q 106
ip address 192.168.106.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.107
encapsulation dot1Q 107
ip address 192.168.107.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.108
encapsulation dot1Q 108
ip address 192.168.108.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.109
encapsulation dot1Q 109
ip address 192.168.109.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.110
encapsulation dot1Q 110
ip address 192.168.110.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.111
encapsulation dot1Q 111
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.112
encapsulation dot1Q 112
ip address 192.168.112.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.113
encapsulation dot1Q 113
ip address 192.168.113.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.114
encapsulation dot1Q 114
ip address 192.168.114.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.115
encapsulation dot1Q 115
ip address 192.168.115.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.116
encapsulation dot1Q 116
ip address 192.168.116.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.117
encapsulation dot1Q 117
ip address 192.168.117.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.118
encapsulation dot1Q 118
ip address 192.168.118.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.119
encapsulation dot1Q 119
ip address 192.168.119.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.120
encapsulation dot1Q 120
ip address 192.168.120.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.121
encapsulation dot1Q 121
ip address 192.168.121.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.122
encapsulation dot1Q 122
ip address 192.168.122.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.123
encapsulation dot1Q 123
ip address 192.168.123.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.124
encapsulation dot1Q 124
ip address 192.168.124.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.125
encapsulation dot1Q 125
ip address 192.168.125.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.126
encapsulation dot1Q 126
ip address 192.168.126.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.127
encapsulation dot1Q 127
ip address 192.168.127.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.128
encapsulation dot1Q 128
ip address 192.168.128.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.129
encapsulation dot1Q 129
ip address 192.168.129.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.130
encapsulation dot1Q 130
ip address 192.168.130.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.131
encapsulation dot1Q 131
ip address 192.168.131.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.132
encapsulation dot1Q 132
ip address 192.168.132.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.133
description G&G
encapsulation dot1Q 133
ip address 192.168.133.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.136
encapsulation dot1Q 136
ip address 192.168.136.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.137
encapsulation dot1Q 137
ip address 192.168.137.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.138
encapsulation dot1Q 138
ip address 192.168.138.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.139
encapsulation dot1Q 139
ip address 192.168.139.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
atm vc-per-vp 128
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool pptp
ppp encrypt mppe 40
ppp authentication ms-chap
!
interface Dialer1
description $TEST OUT$
ip address negotiated
ip access-group 199 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname TEST@TEST
ppp chap password 7
ppp ipcp dns request
hold-queue 224 in
!
ip local pool pptp 192.168.80.50 192.168.80.100
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map nat interface Dialer1 overload
ip nat inside source static tcp 192.168.138.2 80 69.69.69.128 80 extendable
ip nat inside source static tcp 192.168.138.2 443 69.69.69.128 443 extendable
ip nat inside source static 192.168.137.2 69.69.69.129 extendable
ip nat inside source static tcp 192.168.130.10 1723 69.69.69.130 1723 extendable
ip nat inside source static tcp 192.168.102.10 5108 69.69.69.130 5108 extendable
ip nat inside source static tcp 192.168.102.10 5800 69.69.69.130 5800 extendable
ip nat inside source static tcp 192.168.102.10 5900 69.69.69.130 5900 extendable
ip nat inside source static tcp 192.168.108.2 21 69.69.69.131 21 extendable
ip nat inside source static tcp 192.168.108.2 23 69.69.69.131 23 extendable
ip nat inside source static tcp 192.168.108.2 25 69.69.69.131 25 extendable
ip nat inside source static tcp 192.168.108.2 80 69.69.69.131 80 extendable
ip nat inside source static tcp 192.168.108.2 110 69.69.69.131 110 extendable
ip nat inside source static tcp 192.168.108.2 443 69.69.69.131 443 extendable
ip nat inside source static tcp 192.168.108.88 785 69.69.69.131 785 extendable
ip nat inside source static tcp 192.168.102.10 1723 69.69.69.131 1723 extendable
ip nat inside source static tcp 192.168.108.2 3389 69.69.69.131 3389 extendable
ip nat inside source static tcp 192.168.108.2 4125 69.69.69.131 4125 extendable
ip nat inside source static tcp 192.168.108.2 5800 69.69.69.131 5800 extendable
ip nat inside source static tcp 192.168.108.2 5900 69.69.69.131 5900 extendable
ip nat inside source static tcp 192.168.108.2 7946 69.69.69.131 7946 extendable
ip nat inside source static udp 192.168.108.2 7946 69.69.69.131 7946 extendable
ip nat inside source static 192.168.108.10 69.69.69.132 extendable
ip nat inside source static tcp 192.168.240.10 1723 69.69.69.133 1723 extendable
ip nat inside source static tcp 192.168.96.3 3389 69.69.69.133 3389 extendable
ip nat inside source static tcp 192.168.96.3 5900 69.69.69.133 5900 extendable
ip nat inside source static tcp 192.168.116.10 1723 69.69.69.134 1723 extendable
!
!
logging trap debugging
logging 68.68.68.185
access-list 1 permit 68.68.68.190
access-list 100 remark SDM_ACL Category=3
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit ip 192.168.101.0 0.0.0.255 host 192.168.96.1
access-list 101 permit ip 192.168.101.0 0.0.0.255 host 192.168.96.3
access-list 101 deny ip 192.168.101.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.101.0 0.0.0.255 any
access-list 102 permit ip 192.168.102.0 0.0.0.255 host 192.168.96.1
access-list 102 permit ip 192.168.102.0 0.0.0.255 host 192.168.96.3
access-list 102 deny ip 192.168.102.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.102.0 0.0.0.255 any
access-list 103 permit ip 192.168.103.0 0.0.0.255 host 192.168.96.1
access-list 103 permit ip 192.168.103.0 0.0.0.255 host 192.168.96.3
access-list 103 deny ip 192.168.103.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 103 permit ip 192.168.103.0 0.0.0.255 any
access-list 104 permit ip 192.168.104.0 0.0.0.255 host 192.168.96.1
access-list 104 permit ip 192.168.104.0 0.0.0.255 host 192.168.96.3
access-list 104 deny ip 192.168.104.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 104 permit ip 192.168.104.0 0.0.0.255 any
access-list 105 permit ip 192.168.105.0 0.0.0.255 host 192.168.96.1
access-list 105 permit ip 192.168.105.0 0.0.0.255 host 192.168.96.3
access-list 105 deny ip 192.168.105.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 105 permit ip 192.168.105.0 0.0.0.255 any
access-list 106 permit ip 192.168.106.0 0.0.0.255 host 192.168.96.1
access-list 106 permit ip 192.168.106.0 0.0.0.255 host 192.168.96.3
access-list 106 deny ip 192.168.106.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 106 permit ip 192.168.106.0 0.0.0.255 any
access-list 107 permit ip 192.168.107.0 0.0.0.255 host 192.168.96.1
access-list 107 permit ip 192.168.107.0 0.0.0.255 host 192.168.96.3
access-list 107 deny ip 192.168.107.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 107 permit ip 192.168.107.0 0.0.0.255 any
access-list 108 permit ip 192.168.108.0 0.0.0.255 host 192.168.96.1
access-list 108 permit ip 192.168.108.0 0.0.0.255 host 192.168.96.3
access-list 108 deny ip 192.168.108.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 108 permit ip 192.168.108.0 0.0.0.255 any
access-list 109 permit ip 192.168.109.0 0.0.0.255 host 192.168.96.1
access-list 109 permit ip 192.168.109.0 0.0.0.255 host 192.168.96.3
access-list 109 deny ip 192.168.109.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 109 permit ip 192.168.109.0 0.0.0.255 any
access-list 110 permit ip 192.168.110.0 0.0.0.255 host 192.168.96.1
access-list 110 permit ip 192.168.110.0 0.0.0.255 host 192.168.96.3
access-list 110 deny ip 192.168.110.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.110.0 0.0.0.255 any
access-list 111 permit ip 192.168.111.0 0.0.0.255 host 192.168.96.1
access-list 111 permit ip 192.168.111.0 0.0.0.255 host 192.168.96.3
access-list 111 deny ip 192.168.111.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 111 permit ip 192.168.111.0 0.0.0.255 any
access-list 112 permit ip 192.168.112.0 0.0.0.255 host 192.168.96.1
access-list 112 permit ip 192.168.112.0 0.0.0.255 host 192.168.96.3
access-list 112 deny ip 192.168.112.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.112.0 0.0.0.255 any
access-list 113 permit ip 192.168.113.0 0.0.0.255 host 192.168.96.1
access-list 113 permit ip 192.168.113.0 0.0.0.255 host 192.168.96.3
access-list 113 deny ip 192.168.113.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 113 permit ip 192.168.113.0 0.0.0.255 any
access-list 114 permit ip 192.168.114.0 0.0.0.255 host 192.168.96.1
access-list 114 permit ip 192.168.114.0 0.0.0.255 host 192.168.96.3
access-list 114 deny ip 192.168.114.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 114 permit ip 192.168.114.0 0.0.0.255 any
access-list 115 permit ip 192.168.115.0 0.0.0.255 host 192.168.96.1
access-list 115 permit ip 192.168.115.0 0.0.0.255 host 192.168.96.3
access-list 115 deny ip 192.168.115.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 115 permit ip 192.168.115.0 0.0.0.255 any
access-list 116 permit ip 192.168.116.0 0.0.0.255 host 192.168.96.1
access-list 116 permit ip 192.168.116.0 0.0.0.255 host 192.168.96.3
access-list 116 deny ip 192.168.116.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 116 permit ip 192.168.116.0 0.0.0.255 any
access-list 117 permit ip 192.168.117.0 0.0.0.255 host 192.168.96.1
access-list 117 permit ip 192.168.117.0 0.0.0.255 host 192.168.96.3
access-list 117 deny ip 192.168.117.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 117 permit ip 192.168.117.0 0.0.0.255 any
access-list 118 permit ip 192.168.118.0 0.0.0.255 host 192.168.96.1
access-list 118 permit ip 192.168.118.0 0.0.0.255 host 192.168.96.3
access-list 118 deny ip 192.168.118.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 118 permit ip 192.168.118.0 0.0.0.255 any
access-list 119 permit ip 192.168.119.0 0.0.0.255 host 192.168.96.1
access-list 119 permit ip 192.168.119.0 0.0.0.255 host 192.168.96.3
access-list 119 deny ip 192.168.119.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 119 permit ip 192.168.119.0 0.0.0.255 any
access-list 120 permit ip 192.168.120.0 0.0.0.255 host 192.168.96.1
access-list 120 permit ip 192.168.120.0 0.0.0.255 host 192.168.96.3
access-list 120 deny ip 192.168.120.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 120 permit ip 192.168.120.0 0.0.0.255 any
access-list 121 permit ip 192.168.121.0 0.0.0.255 host 192.168.96.1
access-list 121 permit ip 192.168.121.0 0.0.0.255 host 192.168.96.3
access-list 121 deny ip 192.168.121.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 121 permit ip 192.168.121.0 0.0.0.255 any
access-list 122 permit ip 192.168.122.0 0.0.0.255 host 192.168.96.1
access-list 122 permit ip 192.168.122.0 0.0.0.255 host 192.168.96.3
access-list 122 deny ip 192.168.122.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.122.0 0.0.0.255 any
access-list 123 permit ip 192.168.123.0 0.0.0.255 host 192.168.96.1
access-list 123 permit ip 192.168.123.0 0.0.0.255 host 192.168.96.3
access-list 123 deny ip 192.168.123.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 123 permit ip 192.168.123.0 0.0.0.255 any
access-list 124 permit ip 192.168.124.0 0.0.0.255 host 192.168.96.1
access-list 124 permit ip 192.168.124.0 0.0.0.255 host 192.168.96.3
access-list 124 deny ip 192.168.124.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 124 permit ip 192.168.124.0 0.0.0.255 any
access-list 125 permit ip 192.168.125.0 0.0.0.255 host 192.168.96.1
access-list 125 permit ip 192.168.125.0 0.0.0.255 host 192.168.96.3
access-list 125 deny ip 192.168.125.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 125 permit ip 192.168.125.0 0.0.0.255 any
access-list 126 permit ip 192.168.126.0 0.0.0.255 host 192.168.96.1
access-list 126 permit ip 192.168.126.0 0.0.0.255 host 192.168.96.3
access-list 126 deny ip 192.168.126.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 126 permit ip 192.168.126.0 0.0.0.255 any
access-list 127 permit ip 192.168.127.0 0.0.0.255 host 192.168.96.1
access-list 127 permit ip 192.168.127.0 0.0.0.255 host 192.168.96.3
access-list 127 deny ip 192.168.127.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 127 permit ip 192.168.127.0 0.0.0.255 any
access-list 128 permit ip 192.168.128.0 0.0.0.255 host 192.168.96.1
access-list 128 permit ip 192.168.128.0 0.0.0.255 host 192.168.96.3
access-list 128 deny ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 128 permit ip 192.168.128.0 0.0.0.255 any
access-list 129 permit ip 192.168.129.0 0.0.0.255 host 192.168.96.1
access-list 129 permit ip 192.168.129.0 0.0.0.255 host 192.168.96.3
access-list 129 deny ip 192.168.129.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 129 permit ip 192.168.129.0 0.0.0.255 any
access-list 130 permit ip 192.168.130.0 0.0.0.255 host 192.168.96.1
access-list 130 permit ip 192.168.130.0 0.0.0.255 host 192.168.96.3
access-list 130 deny ip 192.168.130.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 130 permit ip 192.168.130.0 0.0.0.255 any
access-list 131 permit ip 192.168.131.0 0.0.0.255 host 192.168.96.1
access-list 131 permit ip 192.168.131.0 0.0.0.255 host 192.168.96.3
access-list 131 deny ip 192.168.131.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 131 permit ip 192.168.131.0 0.0.0.255 any
access-list 132 permit ip 192.168.132.0 0.0.0.255 host 192.168.96.1
access-list 132 permit ip 192.168.132.0 0.0.0.255 host 192.168.96.3
access-list 132 deny ip 192.168.132.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 132 permit ip 192.168.132.0 0.0.0.255 any
access-list 133 permit ip 192.168.133.0 0.0.0.255 host 192.168.96.1
access-list 133 permit ip 192.168.133.0 0.0.0.255 host 192.168.96.3
access-list 133 deny ip 192.168.133.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 133 permit ip 192.168.133.0 0.0.0.255 any
access-list 134 permit ip 192.168.134.0 0.0.0.255 host 192.168.96.1
access-list 134 permit ip 192.168.134.0 0.0.0.255 host 192.168.96.3
access-list 134 deny ip 192.168.134.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 134 permit ip 192.168.134.0 0.0.0.255 any
access-list 135 permit ip 192.168.135.0 0.0.0.255 host 192.168.96.1
access-list 135 permit ip 192.168.135.0 0.0.0.255 host 192.168.96.3
access-list 135 deny ip 192.168.135.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 135 permit ip 192.168.135.0 0.0.0.255 any
access-list 136 permit ip 192.168.136.0 0.0.0.255 host 192.168.96.1
access-list 136 permit ip 192.168.136.0 0.0.0.255 host 192.168.96.3
access-list 136 deny ip 192.168.136.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 136 permit ip 192.168.136.0 0.0.0.255 any
access-list 137 permit ip 192.168.137.0 0.0.0.255 host 192.168.96.1
access-list 137 permit ip 192.168.137.0 0.0.0.255 host 192.168.96.3
access-list 137 deny ip 192.168.137.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 137 permit ip 192.168.137.0 0.0.0.255 any
access-list 138 permit ip 192.168.138.0 0.0.0.255 host 192.168.96.1
access-list 138 permit ip 192.168.138.0 0.0.0.255 host 192.168.96.3
access-list 138 deny ip 192.168.138.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 138 permit ip 192.168.138.0 0.0.0.255 any
access-list 196 permit ip 192.168.96.0 0.0.0.255 any
access-list 198 permit tcp any eq telnet host 69.69.69.134
access-list 199 permit ip any any
dialer-list 1 protocol ip permit
route-map nat permit 10
match ip address 100 101 102 103 104 105 106 107 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138
!
!
!
control-plane
!
banner login ^C
TEST
^C
!
line con 0
transport output telnet
line aux 0
password 7
transport output telnet
line vty 0 4
access-class 199 in
privilege level 15
password 7
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
 
You have an ACL on your VTY line that is preventing this. It's ACL 199

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
 
LOL, let me correct that...I went over the config too fast. 199 says permit, not deny. Sorry

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
 
Here is what you need to do...this config is too long to read for me to really put some time into it. But check the ACL that's on the interface that you're trying to telnet into. IE: Fa0/0. Check that ACL to make sure you're not denying the traffic in question. More than likely that's your issue. Good luck

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
 
I am not trying to telnet into the Fa0/0....I'm trying to telnet into the Dialer1 interface which has a public IP address

Maybe I didn't clarify this before...I'm not trying to through the Internet...NOT through the LAN

Cheers
 
Sorry......forgot to mention.....I have no problems telnetting through the LAN.........it is only when I try to do it over the Internet that I get the following message...

Could not open connection to the host, on port 23:
Connect failed
 
Look at line VTY 5 15
Is it possible that this group of VTY lines needs to have the ACL applied as well?
 
If you can telnet to the LAN but not the internet-facing interface, there is nothing wrong with your VTY configuration.

Things I'd look at:

1. Remove ACL 199 from vty 0 4 and dialer1 as it serves no purpose currently. Lock it down once you've resolved this issue.
2. How many concurrent connections are there? Check with 'show user'. If more than 5, configure vty 5 15 the same as vty 0 4.
3. Regarding this firewall you mentioned on your side. I'd run debugs on it and try and ascertain whether your telnet packets are passing from one interface to the other. Check that you're seeing the TCP ACKs from the router.

In my experience, if the problem is a funky one, it's usually a firewall that's responsible.

4. You can combine the debugs on the firewall above with a debug on the router inc 'debug telnet'.
5. Is the negotiated address always the same address or can it vary? Is this the problem if a variable assignment?
 
Hi all and thank you all for your help so far.

I've been struggling with this all day ...again :((

I've tried the following....

First I tried adding the access-list 199 (inbound) to the rest of the vty lines 5 to 15......but this didn't do anything...

Then I completely removed the access-list 199 (as it allows all ip traffic anyway) from all vty lines and the dialer1 interface...but still couldn't telnet

As I have previously said I didn't build the configuration in the first place...and having looked further into it I found the following strange...

1) why did they put an ip address on the fa 0/0 interface to then use sub-interfaces??

2) the following line on access-list 100 does not seem to make any sense?? does it intend to stop all broadcasting??? to me it simply stops host 255.255.255.255 (!!!!!!) to access anywhere

access-list 100 deny ip host 255.255.255.255 any

also, why are they using
access-list 100 deny ip 127.0.0.0 0.255.255.255 any


3) all the other access-lists seem to refer to hosts 192.168.96.1 and 192.168.96.3.........
However, these ip addresses are not used anywhere else in the configuration?? (none of the interfaces relate to either of these addresses)

4) if you take any of the access-lists i.e. below
access-list 101 permit ip 192.168.101.0 0.0.0.255 host 192.168.96.1
access-list 101 permit ip 192.168.101.0 0.0.0.255 host 192.168.96.3
access-list 101 deny ip 192.168.101.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.101.0 0.0.0.255 any

aren't lines 3 & 4 redundant??
They seem to be denying traffic from inside the LAN to anywhere else in the LAN (besides 96.1 and 96.3 that is)
and then in the 4th line allowing that same source traffic to go anywhere ..........is this for access to the Internet????

5) Finally, why is he including access-list 100 on the "route-map nat permit 10"

sorry about all these questions........this is my first job in the networking industry after becoming CCNA qualified last July and although I am currently preparing for the CCNP some of the stuff in this configuration seems to be beyond my scope....so any help would be highly appreciated......I have been kind of given the configuration to sort it out but some of the lines just do not make sense .....

Again, thank you......
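
An added example, not part of any post in this thread: it evaluates the ACL 100/101 entries questioned above the way IOS does (top-down, first match wins, implicit deny at the end) and applies the vty checks suggested earlier (a missing `access-class`, or one that permits any source, on lines that accept telnet). The function names and the outside address 203.0.113.7 are assumptions made for the illustration; only `ip` entries of extended ACLs are parsed.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the configuration posted above.
CONFIG = """\
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit ip 192.168.101.0 0.0.0.255 host 192.168.96.1
access-list 101 permit ip 192.168.101.0 0.0.0.255 host 192.168.96.3
access-list 101 deny ip 192.168.101.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.101.0 0.0.0.255 any
access-list 199 permit ip any any
line vty 0 4
access-class 199 in
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
"""

ANY = (0, 0xFFFFFFFF)  # (address, wildcard): every bit is "don't care"


def _spec(tokens):
    """Consume one address spec from tokens; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse(config):
    """Return ({acl_number: [(action, src, dst), ...]}, [vty block dicts])."""
    acls, vty, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\d+) (permit|deny) ip (.+)$", line)
        if m:
            tokens = m.group(3).split()
            src, dst = _spec(tokens), _spec(tokens)
            acls.setdefault(int(m.group(1)), []).append((m.group(2), src, dst))
            current = None
        elif line.startswith("line vty "):
            current = {"lines": line[len("line vty "):], "acl": None, "telnet": False}
            vty.append(current)
        elif line.startswith(("line ", "!")):
            current = None  # another line block or a separator ends the vty block
        elif current is not None:
            m = re.match(r"access-class (\d+) in$", line)
            if m:
                current["acl"] = int(m.group(1))
            elif line.startswith("transport input "):
                current["telnet"] = bool({"telnet", "all"} & set(line.split()[2:]))
    return acls, vty


def _hit(ip, spec):
    """Wildcard match: bits set in the wildcard are ignored."""
    addr, wild = spec
    return (int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF == 0


def evaluate(acl, src, dst):
    """Return (action, entry number) of the first matching entry."""
    for number, (action, s, d) in enumerate(acl, 1):
        if _hit(src, s) and _hit(dst, d):
            return action, number
    return "deny", None  # implicit deny at the end of every ACL


def audit_vty(acls, vty):
    """Flag vty ranges that accept telnet without a restricting access-class."""
    findings = []
    for block in vty:
        if not block["telnet"]:
            continue
        entries = acls.get(block["acl"], [])
        if block["acl"] is None:
            findings.append(f"vty {block['lines']}: telnet allowed, no access-class")
        elif entries and entries[0][0] == "permit" and entries[0][1] == ANY:
            findings.append(
                f"vty {block['lines']}: telnet allowed, "
                f"access-class {block['acl']} permits any source"
            )
    return findings


if __name__ == "__main__":
    acls, vty = parse(CONFIG)
    for dst in ("192.168.96.1", "192.168.102.10", "203.0.113.7"):
        print("ACL 101, 192.168.101.5 ->", dst, evaluate(acls[101], "192.168.101.5", dst))
    print("\n".join(audit_vty(acls, vty)))
```

Because the first match wins, entry 3 of ACL 101 catches traffic to the other 192.168.x.x networks before entry 4 is reached, so entry 4 only ever matches destinations outside 192.168.0.0/16.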
 
Who is your service provider? I know a lot of providers like Cox block every stinkin port out there (including telnet). Do you have some kind of program that can scan your WAN port? I know there are some proxy-type sites out there that will scan your WAN ports and give you a nice printout of what's open. I am willing to bet that your provider is not allowing telnet through.
 
Just a couple of questions -

Have you tried telnetting to another host outside this interface?

What kind of box are you trying to telnet to? Solaris?

 
Are you trying to telnet from your ATM0/0 port to your fa0/0?
 
Our ISP is ZEN

I am trying to telnet to a Cisco Router

Telnetting to ATM is unsuccessful

Telnetting to FA 0/0 is successful (VPN first into the LAN)
 
Pull all of your access-lists (groups) off your WAN interface, and then try to telnet.
IE: No access-group XXX in
Then, reapply them when you're done. If you are able to telnet when there are no ACLs, then you know the issue is in one of those lines. If you still can't telnet after removing the ACLs, at least you know they aren't the cause.
 