• Status: Solved

Can't Telnet into Cisco C827 router from Internet

Can't telnet to router from Internet side.

I have a Cisco C827 router that I can telnet to on my internal interface, but not the external.  Here's the configuration...

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname elantech
!
enable xxxxxxxxxxxxxxxxxxxx.
enable password xxxxxxxxxxxxxxxx
!
ip subnet-zero
!
ip flow-cache timeout active 1
!
!
!
interface Ethernet0
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
 ip route-cache flow
 hold-queue 100 out
!
interface ATM0
 no ip address
 ip route-cache flow
 no atm ilmi-keepalive
 pvc 1/1
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 ip address xxxxxxxxxxxxxxxxxx 255.255.255.248
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 ppp pap sent-username xxxxxxxxxx password xxxxxxxxxxxxxxxxxx
!
interface Dialer1
 no ip address
 no cdp enable
!
ip nat pool gate xxxxxxxxxxxxxxxxxxxxxxx netmask 255.255.255.248
ip nat inside source list 101 pool gate overload
ip nat inside source static tcp 10.0.0.2 1723 xxxxxxxxxxxxx 1723 extendable
ip nat inside source static 10.0.0.148 xxxxxxxxxxxxxxxx
ip nat inside source static 10.0.0.98 xxxxxxxxxxxxxxxxxxx
ip nat inside source static 10.0.0.151 xxxxxxxxxxxxxxxxx
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip flow-export source ATM0
ip flow-export version 5
ip flow-export destination xxxxxxxxxxxxxxxx 2055
!
access-list 10 permit xxxxxxxxxxxxxxxxx
access-list 10 deny   any
snmp-server community xxxxxxxxxxxxxxxxxxx RW 10
snmp-server ifindex persist
!
line con 0
 stopbits 1
line vty 0 4
 password xxxxxxxxxxxxxxxxx
 login
!
scheduler max-task-time 5000
end

Is there anything missing from my config?
 
swlexpert (Author) Commented:
I can successfully establish a VPN session to a server behind the router, and I can also establish a Remote Desktop Connection to a server.  I can ping the public interface, and from the 827 I can ping my PC.  After I RDP to the server (from the inside of the network) I can Telnet to both internal and external interfaces.  I've tried Telnet from 2 different networks and always get the same error:
Connecting To xxxxxxxxxxxxxxxx ...Could not open connection to the host, on port 23:
 Connect failed
 
illogik Commented:
Have you ever been able to telnet to this Cisco?  I know several mom-and-pop broadband providers like to block telnet and SSH on their networks for whatever reason, or even if their modem has been bridged I've seen a couple that will still have the firewall enabled when the modem cannot be truly bridged.

The Cisco looks fine to me; I mean, basically all you need to enable telnet is

line vty 0 4
password blahblah
login

Maybe try enabling SSH since it uses a different port from telnet and see if that works.  Just go into config mode and type:  "crypto key generate rsa" and for bits I usually set it to 1024.  You can SSH using a program called PuTTY or Tera Term, or if you're in Linux just do "ssh <ip>"
 
atf1084 Commented:
I have seen this happen on 827s with early versions of IOS 12. The only way I could get around it was to create a port address translation to the internal IP address of the router:

ip nat inside source static tcp 10.0.0.1 23 <global address> 23 ext
 
atf1084 Commented:
I have also had this happen with 828 routers. It is also highly recommended, if you are going to allow access from the outside, to set up access lists to prevent unauthorised access to the router (they won't even get a password prompt).


First, set up an access list for the hosts or networks allowed access (if you want access for the LAN you will also have to add that network (10.0.0.0/8)).


access-list 23 permit <host>
AND/OR
access-list 23 permit <network> <Wildcard bits (inverted subnet mask eg. 0.255.255.255 for /8)>

Then apply to vty

line vty 0 4
 access-class 23 in


 
swlexpert (Author) Commented:
I was going to try to implement some of your suggestions and when I tested Telnet it was allowing me access from the Internet without any changes.  I compared the configs and they were identical.  The only change was that the router had been rebooted since my last attempt.  I hadn't tried before then.  Thanks for the comments.
 
illogik Commented:
Oh, then what it probably was is that your telnet sessions hadn't timed out from when you previously telnetted into the router.  Make sure to set a timeout under "line vty 0 4", like "exec-timeout 120 0".

To check this you can do a "show line" on the Cisco and it will show if you have sessions that haven't timed out that need to be cleared.
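
Added example, not part of the original thread and not code from any poster: a small offline check that reads a saved IOS configuration and reports vty stanzas missing the restrictions suggested in the answers above (an inbound access-class, a working idle timeout, SSH instead of telnet). The function names, the sample configs and the address 192.0.2.10 are constructed for illustration; "transport input ssh" does not appear in the thread, and the script assumes a vty with no "transport input" line accepts telnet.

```python
import re

# Constructed inputs: the question's line stanzas, and a vty stanza with the answers applied.
POSTED = """\
line con 0
 stopbits 1
line vty 0 4
 password <redacted>
 login
"""
HARDENED = """\
access-list 23 permit 192.0.2.10
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 transport input ssh
 password <redacted>
 login
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        else:
            current = None  # '!' or any other top-level command ends the stanza
    return blocks

def audit_vty(config):
    """Return findings for vty lines that lack the restrictions discussed above."""
    defined = set(re.findall(r"^access-list (\d+) permit", config, re.M))
    findings = []
    for header, cmds in vty_blocks(config).items():
        acl = next((c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)), None)
        if acl is None:
            findings.append(f"{header}: no inbound access-class")
        elif acl not in defined:
            findings.append(f"{header}: access-class {acl} has no permit entries")
        if "exec-timeout 0 0" in cmds or "no exec-timeout" in cmds:
            findings.append(f"{header}: idle timeout disabled")
        # Assumption: with no 'transport input' line, this IOS accepts telnet.
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: telnet accepted on this line")
    return findings
```

Run against the stanza from the question, audit_vty(POSTED) reports the missing access-class and the telnet exposure; the hardened variant returns an empty list.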
