Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1501
Views
5
Helpful
6
Replies

Telnet Blocked on Public IP

CCIE Aspirant
Level 1
Level 1

‎06-14-2021 12:12 AM

Hi,

 

I have configured some Public loopbacks on my router and when i try to telnet to my router through the Local network it can let me go inside but when i try to telnet router through these Public IP from outside then it is not allowing me. this happens to only one of our /22 subnets. i tried to do on our other subnets and it is working ( from local and from outside).

 

we do not have any firewall connected to that router and there is no policy on router to block ssh or telnet.

 

so kindly let me know how can i resolve this issue. 

6 Replies 6

paul driver
VIP
VIP

‎06-14-2021 12:24 AM - edited ‎06-14-2021 12:39 AM

Hello
It sounds like you either have an access-list negating access, only allowing mgt access on a specific interface (Lan interface) or your public subnets are not being advertsied correctly.

On the device you can check to see if you have any policy negating this access.

 

sh run | be line
sh access-list
sh management-interface


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Georg Pauwen
VIP
VIP

‎06-14-2021 12:25 AM

Hello, 

 

can that particular /22 subnet (which is connected on the outside as I understand it) ping the IP address of the outside interface, as well as the IP addresses of the public loopback interfaces ? If possible, post the full running configuration of your router...

0 Helpful

CCIE Aspirant
Level 1
Level 1
In response to Georg Pauwen

‎06-14-2021 12:31 AM

thanks for the reply,

i can ping the IP from anywhere even from my mobile but just through  that particular subnet i am ubable to access my router. with other loopbacks i can access the router from anywhere.

 

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to CCIE Aspirant

‎06-14-2021 12:50 AM

Hello @CCIE Aspirant ,

use a looking glass and check the traceroute for each of the public subnets.

Verify if also the subnet that does not allow SSH actually arrives at your router.

 

If not there is an overlapping with another customer of your ISP.

 

Hope to help

Giuseppe

 

0 Helpful

CCIE Aspirant
Level 1
Level 1
In response to Giuseppe Larosa

‎06-14-2021 12:56 AM

Thanks for the reply,

all traceroutes coming to our router and it is not overlapping by any other customer.

i have checked all the policy if some can block but it is clear. do i have to ask my ISP or my be open Ticket with RIPE. i dont know what to do.

 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to CCIE Aspirant

‎06-14-2021 12:04 PM

I believe that it would be helpful if we could see the complete config. But as a start can we see the output of show run | begin vty

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card