
Able to ping But unable to Telnet - "Connection Refused"

Hi All,

 

This is a bit awkward.

 

I am able to ping the device, but unable to telnet to the WAN IP - "Connection Refused"

 

Asked customer to provide a PC which is in LAN IP Pool, I am able to telnet the router using LAN IP From LAN PC.

 

I have tried following things:

 

- Checked routing - Tried to login from Point to Point Link (/30), WAN IP is saying "Connection Refused"

- Check ACL Under Line VTY, Interfaces Inbound and Outbound.

- Able to ping Router to Core Router and vice versa.

Router Model: C887VA-K9

IOS : 15.3

Thanks & Regards,
Prasanna Kumar Desireddy


Rolf Fischer
Level 9

Hello,

could you share the output of

  • the line vty part of the running config
  • show line vty 0 ! (if necessary, replace the '0' with a line number you're using)

What happens when you try to telnet the router from the CLI?

router#show ip int brief loop0
Interface              IP-Address      OK? Method Status                Protocol
Loopback0              192.168.1.1     YES NVRAM  up                    up

router#telnet 192.168.1.1
Trying 192.168.1.1 ... Open
[Connection to 192.168.1.1 closed by foreign host]

[in the example here only SSH is allowed as transport Input protocol.]

HTH
Rolf

Hi Rolf,

Many thanks for your reply.

Here is the running config of the lines:

line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input all
line vty 5 15
privilege level 15
login local
transport input all

I am getting a "Connection Refused" message as soon as I telnet to the WAN IP.

Thanks & Regards,
Prasanna Kumar Desireddy

Can you paste the full config?

Your vty lines do not have an access list applied, meaning anybody on the internet (assuming it's public facing) can Telnet/SSH to your router.

Hi, 

Yes Indeed, Anyone can telnet to my router, I have removed the existing ACL on Line Interface.

Here is the running configuration.


Building configuration...

Current configuration : 5273 bytes
!

version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ************
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-774444764
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-774444764
revocation-check none
rsakeypair TP-self-signed-774444764
!
!
crypto pki certificate chain TP-self-signed-774444764
certificate self-signed 01
quit
!
!
!
!


!
ip dhcp excluded-address ************
!
ip dhcp pool LAN
network **********
default-router *********
dns-server ******** *********

no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C887VA-K9 sn *******
!
!
username ****** privilege 15 password 0 ********

controller VDSL 0
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!

interface Vlan1
ip address ******** 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname 0********
ppp chap password 0 *************
ppp ipcp route default
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp ******* 80 ****** 80 extendable
!
dialer-list 1 protocol ip permit
!
snmp-server community *****RO ******
snmp-server location **********
snmp-server contact ********
snmp-server enable traps tty
access-list 23 permit ****** 0.0.63.255
access-list 23 permit ********** 0.0.31.255
access-list 23 permit ********* 0.0.255.255
access-list 63 permit ******* 0.0.0.255
access-list 99 permit any log
access-list 101 permit ip ********* 0.0.0.255 any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
banner motd ^CCCCC


****************************** WARNING ********************************
You must have authorisation to use this system. The actual or attempted
unauthorized access, use or modification of this system is strictly
prohibited. Individuals undertaking such unauthorized access, use or
modification may be subject to criminal and/or civil penalties under
applicable domestic and/or foreign law. The use of this system may be
monitored and recorded for administrative and security reasons in
accordance with English law. If such monitoring and/or recording
reveals possible evidence of unauthorised activity, the results of such
monitoring may be provided to law enforcement officials or used to
commence legal proceedings against such unauthorised user. Continued
use of this system constitutes consent to such security monitoring and
recording.(RB)
***************
****************************** WARNING ********************************
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input all
line vty 5 15
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end

Thanks & Regards,
Prasanna Kumar Desireddy
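
The exposure pointed out in this thread (vty lines with no access list, Telnet accepted, a type 0 user password), checked by a small Python audit of a pasted IOS configuration. This is an added example, not part of any post: the sample config is constructed with placeholder values, and the block-boundary rule is an assumption made because forum pastes lose indentation.

```python
import re

# Constructed sample shaped like the config posted above; names, password and
# ACL addresses are placeholders, the second vty block is a hardened contrast.
SAMPLE = """\
username admin privilege 15 password 0 PLACEHOLDER
access-list 23 permit 192.0.2.0 0.0.0.255
line con 0
login local
line vty 0 4
privilege level 15
login local
transport input all
line vty 5 15
login local
transport input ssh
access-class 23 in
!
end
"""

def vty_blocks(config):
    """Map each 'line vty' header to its sub-commands. Pasted configs lose
    indentation, so a block ends at '!', 'end', a blank line or the next 'line '."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("line "):
            current = line if line.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif line in ("!", "end", ""):
            current = None
        elif current:
            blocks[current].append(line)
    return blocks

def audit(config):
    """Return sorted (location, finding) tuples for vty and credential issues."""
    findings = []
    for header, cmds in vty_blocks(config).items():
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append((header, "no inbound access-class"))
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if any({"all", "telnet"} & set(t) for t in transports):
            findings.append((header, "telnet accepted"))
    for line in config.splitlines():
        if re.match(r"\s*username \S+ .*\bpassword 0 ", line):
            findings.append(("global", "cleartext user password"))
    return sorted(findings)
```

Calling `audit()` on the full running config text returns one tuple per finding; an ACL that is defined but never referenced by `access-class`, as with `access-list 23` in the posted config, shows up as a vty block flagged with no inbound access-class.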

So after removing the Access List from the VTY lines, you still cannot telnet to the DHCP IP address that is negotiated on the dialer interface, i.e. your Public IP?

FYI, you have tried this from outside your network right? To SSH to the Public IP I mean.

Hi, 

Yes, I am trying from Outside World.

But, I have tried from Directly Connected Interface on our Core(P-P) & Also tried from LAN by taking remote access to Customer PC which is having IP Address from LAN Pool 

And I am able to access it from LAN with LAN Interface IP Address.

Thanks & Regards,
Prasanna Kumar Desireddy

Hello

Try applying a default route on the rtr.

ip route 0.0.0.0 0.0.0.0 dialer0

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

I have checked the Routing, Looking Perfect. In fact site is working with this Internet & I am able to ping it from Outside World.

Thanks & Regards,
Prasanna Kumar Desireddy