rowansmith

How to enable Telnet

Ok this is going to be really simple to answer, so it should be 500 easy points.

I have a Cisco 1720 with a WIC-1ADSL.

For as long as I can remember I have tried to find out how to do this and just have not been able to work it out.

How do I enable telnet to the cisco box on the IP Address assigned to the WIC Card by my ISP?

My ISP assigns the IP Address to my Cisco, I use interface dialer 0.

Once the IP Address is assigned I cannot telnet to my router from the Internet, it just does not work. I know the packet is arriving because I can see it on the access lists!!  But the connection does not work, the Cisco just drops it.

I am also unable to telnet from the Internal Ethernet Network to the IP address assigned by my provider.

Thanks.

-Rowan


SOLUTION
that1guy15
rowansmith

ASKER

Already have that; I can telnet from my internal ethernet network, but not from the internet side.  Have never been able to.

I know this because I once went through the effort of making sure that my Router was not accessible from the Internet and that I had the right access lists in place to prevent this. I discovered that even with NO access lists, I am unable to Telnet to the ADSL interface.  So if I remove all the CBAC and all the ACLs (except the one for the dialer :-) ) it still doesn't work.

I don't really want Telnet to work - I just want to understand why it is not working, because at the moment the router's external interface is secured from telnet access via some default means that I do not understand.

By the way, my SSH doesn't work either - this I do want to get to work.

Here is the config:

Current configuration : 3137 bytes
!
! Last configuration change at 15:46:40 UTC Fri Nov 9 2007
! NVRAM config last updated at 15:46:42 UTC Fri Nov 9 2007
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname c1720
!
boot-start-marker
boot-end-marker
!
logging buffered 8192 debugging
logging console errors
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
ip domain name home.smith.gen.nz
ip name-server XXXXXXXXXX
ip name-server XXXXXXXXXX
ip dhcp excluded-address 192.168.1.1 192.168.1.63
ip dhcp excluded-address 192.168.1.250 192.168.1.255
!
ip dhcp pool Home-Pool
   network 192.168.1.0 255.255.255.0
   domain-name home.XXXXXXXXX
   default-router 192.168.1.1
   dns-server XXXXXXXXXXXX XXXXXXXXXX
   update arp
!
no ip bootp server
ip cef
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw ftp
ip audit po max-events 100
!
!
username admin password 0 XXXXXXX
!
!
ip ssh authentication-retries 2
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/100
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0
 no ip address
 shutdown
 full-duplex
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip access-group INT-In in
 ip nat inside
 ip inspect myfw in
 speed auto
!
interface Dialer0
 ip address negotiated
 ip access-group EXT-In in
 no ip redirects
 no ip unreachables
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp pap sent-username XXXXXXXXXXXX password 0 XXXXXXXXXXXXXX
 ppp ipcp dns request
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.2.0 255.255.255.0 192.168.1.74
no ip http server
no ip http secure-server
!
!
!
ip access-list extended EXT-In
 permit tcp any any eq 22 log
 permit tcp any any eq telnet log
 deny   tcp any any eq 29947
 deny   udp any any eq 29947
 deny   ip any any log
ip access-list extended INT-In
 permit ip any host 192.168.1.1
 permit ip any host 255.255.255.255
 deny   ip any host 192.168.1.255
 deny   ip any 10.0.0.0 0.255.255.255 log
 deny   ip any 172.16.0.0 0.15.255.255 log
 deny   ip any 192.168.0.0 0.0.255.255 log
 deny   ip any 169.254.0.0 0.0.255.255 log
 permit icmp any any
 permit udp any any eq domain
 permit tcp any any eq domain
 permit tcp any any eq 22
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq ftp
 permit ip any host 203.144.35.129
 permit ip any host 203.144.32.4
 permit ip any host 203.144.32.10
 permit tcp host 192.168.1.64 any
 permit udp host 192.168.1.64 any
 deny   ip any any log
logging history informational
logging 192.168.1.68
access-list 1 permit any
dialer-list 1 protocol ip permit
no cdp run
!
snmp-server community XXXXXX RO
snmp-server enable traps tty
!
!
line con 0
line aux 0
line vty 0 4
 password XXXXXXXX
!
end

The only thing I see missing from your config is the login command under your vty interface.

If you are trying to get SSH set up on your router, it looks like you only need to set it up under the VTY interface and allow it in the ACL.

Here is a good link that will explain how to configure SSH all the way through, in case I overlooked something in your config.

http://articles.techrepublic.com.com/5100-10878_11-5875046.html

I have tried adding the login command as well, after I saw it in your post.  I actually cannot add just "login", it is not an option, but I added the following two commands:

aaa authentication login default local
login authentication default

If I add the "login authentication default" to the line it just disappears from the config anyway - so I guess it is implied anyway.

Below is the Cisco output for the line vty 0 4 ....

c1720(config)#line vty 0 4
c1720(config-line)#login ?
  authentication  Authentication parameters.
  ctrlc-disable   Disable CONTROL-C during login.

c1720(config-line)#login auth
c1720(config-line)#login authentication ?
  WORD     Use an authentication list with this name.
  default  Use the default authentication list.

c1720(config-line)#login authentication defa
c1720(config-line)#login authentication default ?
  <cr>

c1720(config-line)#login authentication default
c1720(config-line)#^Z

I am not trying to fix SSH in this question, but interestingly SSH works fine from the internal network; again it does not work from the Internet... same symptoms as Telnet.

ASKER CERTIFIED SOLUTION
Thanks!
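
An added example, not part of the thread and not code from any poster: a short Python audit of the management-plane settings visible in the posted configuration (management ports permitted from any source on the NAT-outside interface, vty lines without source or protocol restrictions, type 0 passwords). It reports exposure only and does not diagnose the connection failure discussed above; `sections`, `audit` and `MGMT_PORTS` are hypothetical names, and the embedded config is a constructed excerpt of the one posted.

```python
import re

# Constructed excerpt of the configuration posted in the thread (secrets stay redacted).
CONFIG = """\
username admin password 0 XXXXXXX
interface Dialer0
 ip address negotiated
 ip access-group EXT-In in
 ip nat outside
ip access-list extended EXT-In
 permit tcp any any eq 22 log
 permit tcp any any eq telnet log
 deny   ip any any log
line vty 0 4
 password XXXXXXXX
"""
MGMT_PORTS = {"22": "ssh", "23": "telnet", "telnet": "telnet"}

def sections(cfg):
    """Group an IOS config into {top-level line: [indented child lines]}."""
    out, head = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit(cfg):
    """Return management-plane findings (hypothetical helper, not a Cisco tool)."""
    sec, found = sections(cfg), []
    for head, body in sec.items():
        if any(re.search(r"\bpassword 0 ", l) for l in [head] + body):
            found.append(f"{head.split(' password')[0]}: cleartext (type 0) password")
        if head.startswith("interface ") and "ip nat outside" in body:
            # Follow the inbound ACL bound to the Internet-facing interface.
            for name in re.findall(r"^ip access-group (\S+) in$", "\n".join(body), re.M):
                for ace in sec.get("ip access-list extended " + name, []):
                    m = re.match(r"permit\s+tcp any any eq (\S+)", ace)
                    if m and m.group(1) in MGMT_PORTS:
                        found.append(f"{head}: {MGMT_PORTS[m.group(1)]} permitted from any source")
        if head.startswith("line vty"):
            for keyword in ("access-class", "transport input"):
                if not any(l.startswith(keyword + " ") for l in body):
                    found.append(f"{head}: no explicit {keyword}")
    return found

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```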