How to enable Telnet

Ok this is going to be really simple to answer, so it should be 500 easy points.

I have a Cisco 1720 with a WIC-1ADSL.

For as long as I can remember I have tried to find out how to do this and just have not been able to work it out.

How do I enable telnet to the Cisco box on the IP address assigned to the WIC card by my ISP?

My ISP assigns the IP Address to my Cisco, I use interface dialer 0.

Once the IP address is assigned I cannot telnet to my router from the Internet; it just does not work. I know the packet is arriving because I can see it on the access lists!! But the connection does not work; the Cisco just drops it.

I am also unable to telnet from the Internal Ethernet Network to the IP address assigned by my provider.



rowansmithAuthor Commented:
Wow... I just found another post at:

Says I need to create a NAT rule - so I did....

ip nat inside source static tcp 22 interface Dialer0 22
ip nat inside source static tcp 23 interface Dialer0 23

And it works - both SSH and TELNET!!!

Weird, I do not understand why I need to NAT Telnet/SSH to the internal interface, it is still like the servers are not listening on the external interface...

I am sure I am still missing something because I think I should be able to manage the router by just going straight to the outside interface....

Later I will turn off NAT and then see if I can get straight to the outside interfaces; maybe NAT overrides any listening services?
that1guy15Commented:
Make sure your ACL allows telnet through and then console into the router and enter these commands

config t
line vty 0 4
password cisco (whatever password you want)

This will enable telnet access from any interface on the router.
rowansmithAuthor Commented:
Already have that. I can telnet from my internal Ethernet network, but not from the Internet side. Have never been able to.

I know this because I once went through the effort of making sure that my router was not accessible from the Internet and that I had the right access lists in place to prevent this. I discovered that even with NO access lists, I am unable to telnet to the ADSL interface. So if I remove all the CBAC and all the ACLs (except the one for the dialer :-) ) it still doesn't work.

I don't really want Telnet to work - I just want to understand why it is not working, because at the moment the router's external interface is secured from telnet access via some default means that I do not understand.

By the way, my SSH doesn't work either - this I do want to get to work.

Here is the config:

Current configuration : 3137 bytes
! Last configuration change at 15:46:40 UTC Fri Nov 9 2007
! NVRAM config last updated at 15:46:42 UTC Fri Nov 9 2007
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
no service password-encryption
hostname c1720
logging buffered 8192 debugging
logging console errors
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
aaa session-id common
ip subnet-zero
ip domain name
ip name-server XXXXXXXXXX
ip name-server XXXXXXXXXX
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool Home-Pool
   domain-name home.XXXXXXXXX
   update arp
no ip bootp server
ip cef
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw ftp
ip audit po max-events 100
username admin password 0 XXXXXXX
ip ssh authentication-retries 2
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
interface ATM0.1 point-to-point
 pvc 0/100
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
interface Ethernet0
 no ip address
interface FastEthernet0
 ip address
 ip access-group INT-In in
 ip nat inside
 ip inspect myfw in
 speed auto
interface Dialer0
 ip address negotiated
 ip access-group EXT-In in
 no ip redirects
 no ip unreachables
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp pap sent-username XXXXXXXXXXXX password 0 XXXXXXXXXXXXXX
 ppp ipcp dns request
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route Dialer0
ip route
no ip http server
no ip http secure-server
ip access-list extended EXT-In
 permit tcp any any eq 22 log
 permit tcp any any eq telnet log
 deny   tcp any any eq 29947
 deny   udp any any eq 29947
 deny   ip any any log
ip access-list extended INT-In
 permit ip any host
 permit ip any host
 deny   ip any host
 deny   ip any log
 deny   ip any log
 deny   ip any log
 deny   ip any log
 permit icmp any any
 permit udp any any eq domain
 permit tcp any any eq domain
 permit tcp any any eq 22
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq ftp
 permit ip any host
 permit ip any host
 permit ip any host
 permit tcp host any
 permit udp host any
 deny   ip any any log
logging history informational
access-list 1 permit any
dialer-list 1 protocol ip permit
no cdp run
snmp-server community XXXXXX RO
snmp-server enable traps tty
line con 0
line aux 0
line vty 0 4
 password XXXXXXXX
The only thing I see missing from your config is the login command under your vty interface.

If you are trying to get SSH set up on your router, it looks like you only need to set it up under the VTY interface and allow it in the ACL.

Here is a good link that will explain how to configure SSH all the way through in case I looked over something in your config.
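
Added example, not part of the original thread and not code from any poster: the posted config permits TCP 22 and telnet from any source in EXT-In and leaves line vty 0 4 with only a password, so once the router answers on Dialer0 nothing else limits who reaches the login prompt. The Python check below flags those settings in a config of this shape; the names sections and audit and the embedded excerpt are constructed for illustration.

```python
import re

# Constructed excerpt shaped like the posted config (secrets replaced).
SAMPLE = """\
no service password-encryption
username admin password 0 EXAMPLE
interface Dialer0
 ip access-group EXT-In in
 ip nat outside
ip access-list extended EXT-In
 permit tcp any any eq 22 log
 permit tcp any any eq telnet log
line vty 0 4
 password EXAMPLE
"""

def sections(config):
    """Map each top-level line to the indented sub-commands under it."""
    out, parent = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            parent = line.strip()
            out.setdefault(parent, [])
        elif parent is not None:
            out[parent].append(line.strip())
    return out

def audit(config):
    """Return findings about how the router's own management plane is exposed."""
    sec, found = sections(config), []
    if "no service password-encryption" in sec:
        found.append("service password-encryption is off")
    if any(re.match(r"username \S+ password 0 ", p) for p in sec):
        found.append("local user has a type 0 (cleartext) password")
    outside = {c.split()[2] for p, b in sec.items()  # inbound ACLs on NAT-outside interfaces
               if p.startswith("interface ") and "ip nat outside" in b
               for c in b if re.match(r"ip access-group \S+ in$", c)}
    for p, body in sec.items():
        if p.startswith("line vty"):
            for key in ("access-class", "transport input"):
                if not any(c.startswith(key + " ") for c in body):
                    found.append(f"{p}: no {key} restriction")
        if p.startswith("ip access-list extended ") and p.split()[-1] in outside:
            for c in body:
                if re.match(r"permit tcp any any eq (22|23|telnet)\b", c):
                    found.append(f"{p.split()[-1]}: '{c}' admits any source")
    return found
```

Calling audit(SAMPLE) returns six findings; adding access-class and transport input lines under the vty block clears the two vty findings.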
rowansmithAuthor Commented:
I have tried adding the login command as well, after I saw it in your post.  I actually can not add just "login" it is not an option but I added the following two commands:

aaa authentication login default local
login authentication default

If I add the "login authentication default" to the line it just disappears from the config anyway - so I guess it is implied anyway.

Below is the Cisco output for the line vty 0 4 ....

c1720(config)#line vty 0 4
c1720(config-line)#login ?
  authentication  Authentication parameters.
  ctrlc-disable   Disable CONTROL-C during login.

c1720(config-line)#login auth
c1720(config-line)#login authentication ?
  WORD     Use an authentication list with this name.
  default  Use the default authentication list.

c1720(config-line)#login authentication defa
c1720(config-line)#login authentication default ?

c1720(config-line)#login authentication default
rowansmithAuthor Commented:
I am not trying to fix SSH in this question, but interestingly SSH works fine from the internal network; again it does not work from the Internet... same symptoms as Telnet.
rowansmithAuthor Commented:
