Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remote Telnet Issues

Status
Not open for further replies.
jfklives

jfklives

ISP
Sep 3, 2008
12
US
I'm honestly embarassed asking this question but for the life of me I've been unable to resolve the issue. ICMP makes it to ingress but telnet fails from remote subnets. There is another router in front of this device on the same subnet as the ingress, with no ACL's, and this device has no problems with telnet. Anything coming from the internet cannot get a login prompt.

!
interface FastEthernet0/0
ip address x.x.x.37 255.255.255.248
duplex auto
speed auto
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.33
!
line vty 0 4
password cisco
login
!

I've also tried adding "transport input telnet", but that did not correct my problem.
 
Sort by date Sort by votes
Do you have a password and "login" command set on line vty 0 4? Also, is the router in question have private IP addresses on both ingress and egress interfaces? If so, you'll need a static NAT in the first router.
One more thing---I would NOT telnet across the internet! Try ssh if possible---telnet can be sniffed and sends info in clear text, not encrypted whatsoever...

Burt
 
Upvote 0 Downvote
Yes, the vty is configured as follows:

!
line vty 0 4
password cisco
login
!

No, the ingress is public.

I understand the security concerns with telnet but am this is just a temp setup while I convert over from my Netscreen. SSH will be implemented down the line.
 
Upvote 0 Downvote
post a sh run---how can you have one router on the edge with a public and a router behind it with another public? Can you ping from the outside?

Burt
 
Upvote 0 Downvote
The 1841 in question has another router in front (.33) that's used as it's gateway. The details how/why are irrelevant. There are no filters going to the .37. Another device, my Netscreen (.34), is also pointed to .33 with no issues.

Here's the config:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c1841
!
boot-start-marker
boot-end-marker
!
enable cisco
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
interface FastEthernet0/0
ip address x.x.x.37 255.255.255.248 <--- Public
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.33 <-- public
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
no exec
transport input telnet
!
end

As I mentioned earlier, I can ping the ingress just fine from any external sites. When nat is configured I can reach the internet with no troubles. For some reason, I just cannot get a telnet prompt on that .37 IP address.
 
Upvote 0 Downvote
Additional information:

c1841#sho ver
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(3g), RELEASE SOFTWARE (fc2)
Technical Support: Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 06-Nov-06 01:09 by alnguyen

ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)

c1841 uptime is 1 hour, 59 minutes
System returned to ROM by reload at 17:35:25 UTC Fri Sep 19 2008
System image file is "flash:c1841-advsecurityk9-mz.124-3g.bin"
.
.
Cisco 1841 (revision 6.0) with 234496K/27648K bytes of memory.
Processor board ID FTX1108Z2HN
6 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

c1841#sho inv
NAME: "1841 chassis", DESCR: "1841 chassis, Hw Serial#: xxxxxxx, Hw Revision: 6.0"
PID: CISCO1841 , VID: V04 , SN: xxxxxxx

NAME: "C1841 Motherboard with 2 Fast Ethernet", DESCR: "C1841 Motherboard with 2 Fast Ethernet"
PID: CISCO1841 , VID: 6.0, SN: xxxxxxx

NAME: "WIC/HWIC 0", DESCR: "4 Port FE Switch"
PID: HWIC-4ESW , VID: V01 , SN: xxxxxxx
 
Upvote 0 Downvote
The routing is not screwed up. I've verified all six public IP's and they route correctly past that device.
 
Upvote 0 Downvote
Adding do that, if ICMP can get through and I can get out, then the routing is obviously not screwed.
 
Upvote 0 Downvote
All I wanted to know is if the in and out interfaces of the edge router are in the same subnet, and that router is bridging...
Sorry if I can't help without more information. Perhaps you should get rid of the router in front...

Burt
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Known issues or dangers in purchasing L3 switches that are used
Replies
3
Views
220
CASSBusinessSystems
CASSBusinessSystems
bmiller23
  • Locked
  • Question
Issues Between Cisco Network &amp; NVT Phybridge POLRE 8 Port Extender
Replies
13
Views
528
VinceWhirlwind
VinceWhirlwind
acollard83
  • Locked
  • Question
Login Issues
Replies
3
Views
132
nyy1023
nyy1023
ths0210
  • Locked
  • Question
Cisco 4G LTE Router - WiFi Issues
Replies
0
Views
131
ths0210
ths0210
CAROST
  • Locked
  • Question
Cisco 2911 and AT&amp;T 3xT1 issues
Replies
5
Views
190
burtsbees
burtsbees

Part and Inventory Search

Sponsor

Back
Top