
Unable to telnet from outside Cisco 877

faizal_vi
Level 1

Hi,

I am facing an issue with a Cisco 877 router. I am not able to telnet to this router from outside using the public IP. I have also noticed this works when the NAT is removed.

Config file is attached for reference.

Appreciate if anyone can suggest the solution to it.

Faizal

1 Accepted Solution


paul.capusneanu
Level 1

Hi Faizal,

You don't need to use that route map for the NAT, just use the ACL. In the ACL I can see a permit any that you should not use with NAT (Cisco doesn't recommend using permit any with NAT as it consumes too many resources). Please specify the range of IPs that you want to use NAT. I think that is why you cannot telnet from outside only if you disable NAT.

Please let me know if this worked.

Take care,

PaulC


7 Replies

Sandeep Choudhary
VIP Alumni

Hi Faizal,

Can you ping it?

Can you traceroute to it?

Can you telnet from inside?

Do you have a route to get out of your home network?

Try with this:  ip route 0.0.0.0 0.0.0.0

Regards

Please rate if it helps.      

Hi Sandeep,

Yes, I can ping it from outside, I can traceroute to it from outside and also telnet is working from inside.

There is a default route to go outside.

Faizal

In your ACL NAT_ACL please change:

permit ip any any

to:

permit ip 192.168.12.0 0.0.0.255 any

and then try?

Regards

Please rate if it helps.


Alessio,

this line:

          access-list 101 permit tcp 192.168.12.0 0.0.0.255 host 91.72.59.154 eq 23

is redundant when it follows this line:

          access-list 101 permit ip 192.168.12.0 0.0.0.255 host 91.72.59.154

because "permit ip" includes tcp, udp and icmp.

ip access-list extended VPN_TRAFFIC

permit ip 192.168.12.0 0.0.0.255 host 91.72.59.154

Did you try to add that?

By the way you should do something different:

access-list 101 permit ip 192.168.12.0 0.0.0.255 host 91.72.59.154

access-list 101 permit tcp 192.168.12.0 0.0.0.255 host 91.72.59.154 eq 23

line vty 0 4

 access-class 101 in

Let me know

Alessio

chad patterson
Level 1

Had this same issue. Resolved it by removing the ACL statement

permit ip any any
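
The fix that the accepted solution and the last reply arrive at (no `permit ip any any` in the ACL that feeds NAT) can be checked mechanically on a saved configuration. The following Python audit is an added example, not code from the thread: the sample config is constructed, and the route-map name NAT_MAP and interface Dialer0 are assumptions (only NAT_ACL, VPN_TRAFFIC and the addresses appear in the thread).

```python
import re

# Constructed sample, not the poster's attached config.
# NAT_MAP and Dialer0 are assumed names; NAT_ACL and the subnet are from the thread.
SAMPLE_CONFIG = """\
ip nat inside source route-map NAT_MAP interface Dialer0 overload
ip access-list extended NAT_ACL
 permit ip any any
ip access-list extended VPN_TRAFFIC
 permit ip 192.168.12.0 0.0.0.255 host 91.72.59.154
route-map NAT_MAP permit 10
 match ip address NAT_ACL
"""

def parse_acls(config):
    """Return {acl_name: [entry, ...]} for named and numbered ACLs."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        named = re.match(r"ip access-list (?:standard|extended) (\S+)$", line)
        numbered = re.match(r"access-list (\d+) (.+)$", line)
        if named:
            current = acls.setdefault(named.group(1), [])
        elif numbered:
            acls.setdefault(numbered.group(1), []).append(numbered.group(2))
            current = None
        elif current is not None and raw.startswith(" "):
            current.append(line)   # indented line inside a named ACL
        else:
            current = None         # any other top-level line ends the ACL block
    return acls

def nat_acl_names(config):
    """ACLs referenced by 'ip nat inside source', directly or via a route-map."""
    names = set(re.findall(r"^ip nat inside source list (\S+)", config, re.M))
    for rmap in re.findall(r"^ip nat inside source route-map (\S+)", config, re.M):
        in_map = False
        for raw in config.splitlines():
            if not raw.startswith(" "):
                in_map = raw.split()[:2] == ["route-map", rmap]
            elif in_map and raw.strip().startswith("match ip address "):
                names.update(raw.split()[3:])
    return names

def audit_nat_acls(config):
    """Return (acl, entry) pairs where an ACL used for NAT permits source 'any'."""
    acls = parse_acls(config)
    return [(n, e) for n in sorted(nat_acl_names(config)) for e in acls.get(n, [])
            if re.match(r"(\d+ )?permit (\S+ )?any\b", e)]
```

Calling `audit_nat_acls()` on the text of a saved running-config returns an empty list once the NAT ACL names the inside range, as in the `permit ip 192.168.12.0 0.0.0.255 any` entry suggested earlier in the thread.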
