08-20-2012 02:06 PM - edited 03-04-2019 05:19 PM
I have a Cisco 2600 with an ADSL WIC installed.
I get an IP from my ISP, NAT works, etc. but I cannot SSH in remotely (even with all access lists removed from my Dialer interface).
Wondering if I'm missing something obvious.
Is there anything glaring wrong with my config that would prevent incomming traffic? I can ssh into the device locally, so SSH is indeed enabled.
Cisco 2621XM
c2600-advipservicesk9-mz.124-19.bin"
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SL2600
!
boot-start-marker
boot system flash:c2600-advipservicesk9-mz.124-19.bin
boot-end-marker
!
enable secret <SNIP>
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
no ip dhcp use vrf connected
ip name-server 4.2.2.2
ip inspect name firewall udp
ip inspect name firewall tcp
ip inspect name firewall http java-list 10
ip inspect name firewall https
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall dns
ip inspect name firewall ntp
ip inspect name firewall tftp
ip inspect name firewall realaudio
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username admin privilege 15 <SNIP>
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 5
!
!
bridge irb
!
!
interface FastEthernet0/0
description "Switch Management"
ip address 192.168.1.2 255.255.255.0
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
duplex auto
speed auto
hold-queue 100 out
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.10.0.254 255.255.0.0
ip nat inside
ip virtual-reassembly
!
!
interface ATM0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0/1.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
pvc 0/35
pppoe-client dial-pool-number 2
!
!
interface Dialer1
description WAN
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp authentication chap pap callin
ppp chap hostname <SNIP>
ppp chap password 7 <SNIP>
ppp pap sent-username <SNIP>
!
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
ip access-list extended INPUT_ACL
permit ip any any
!
ip access-list extended NAT_ACL
permit ip any any
!
!
line con 0
exec-timeout 120 0
logging synchronous
login local
transport output telnet ssh
stopbits 1
line aux 0
login local
transport output telnet ssh
line vty 0 4
privilege level 15
password 7 144F37232E0778253662
login
length 0
transport input ssh
transport output telnet ssh
!
Solved! Go to Solution.
08-20-2012 02:32 PM
conf t
ip access-list extended NAT_ACL
no permit ip any any
permit ip 10.10.0.0 0.255.255.255
08-20-2012 02:32 PM
conf t
ip access-list extended NAT_ACL
no permit ip any any
permit ip 10.10.0.0 0.255.255.255
08-20-2012 02:34 PM
Haha thanks!
08-20-2012 03:16 PM
Thank you for the nice rating and good luck!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: