Hi, I'm trying to telnet to 10.63.205.134 but I still can't connect to it. This IP is already permitted on the ACL. I also tried to open ports on Windows Firewall, but I still can't telnet to it. Is there something I must do on the router config? Thanks
access-list 1 permit any
access-list 99 permit 172.20.251.49
access-list 99 permit 172.20.251.53
access-list 99 permit 10.63.205.133
access-list 99 permit 10.49.145.75
access-list 99 permit 222.127.8.240 0.0.0.15
access-list 99 permit 10.49.174.16 0.0.0.15
access-list 99 permit 10.49.135.0 0.0.0.255
access-list 99 permit 10.198.164.36 0.0.0.3
access-list 99 permit 10.198.164.164 0.0.0.3
line con 0
 exec-timeout 5 0
 password 7 xxxxxxx
 logging synchronous
line aux 0
 exec-timeout 5 0
 password 7 xxxxxxx
 no exec
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 0/0/0 0/0/1
 script dialer gsm
 no exec
 rxspeed 7200000
 txspeed 5760000
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 xxxxx
 logging synchronous
 transport input telnet ssh
line vty 5 15
 access-class 99 in
 exec-timeout 5 0
 privilege level 15
 password 7 xxxxxxx
 logging synchronous
 transport input telnet ssh
Is 10.63.205.134 the address of the router?
Yes, that's the address of the router. My workstation IP was 10.49.135.169. But this IP was already permitted on the ACL -> access-list 99 permit 10.49.135.0 0.0.0.255.
Hello Josiah
The first thing I would do to troubleshoot this issue from the router end access list would be to
try and give a temporary permit any statement
(or)
give a deny any log to reflect access list denies on the logs
(or)
run a debug while trying to telnet
Regards,
Anup
Don't forget to rate if you found this helpful!
The problem was I'm at my client's HQ and there's no way I can access it. I think I'll endorse this to our ISP.
I'd also check the router from a known good location (or console) and validate that there are open vty lines ("show line")
BTW, it's not recommended to post type 7 passwords in your posts - they are easily cracked by using any number of sites with type 7 password crackers. (e.g., http://www.ibeast.com/content/tools/CiscoPassword/ )
Hi Marvin, thanks for noting about the type 7 password. Is there another way to configure passwords that can't be decrypted? Thanks
When you post in a forum, simply edit out that bit and replace with
As far as good device security, best common practice is to use the "enable secret" method (also described in the reference above) for local authentication and point to an external TACACS server for aaa services (including authentication).
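As an added example (not code from the thread or from Cisco): a small Python filter that applies the advice above before a config is pasted into a forum, blanking type 7 and other password, secret, key and SNMP community values. The placeholder text, the rule list and the sample config are assumptions constructed for this illustration.

```python
import re

# Constructed sample in the shape of the config posted in this thread; the
# secret values are made up and are not real hashes or passwords.
SAMPLE_CONFIG = """\
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE000000
username admin privilege 15 password 7 0123456789ABCDEF
snmp-server community CONSTRUCTED-COMMUNITY RO 99
access-list 99 permit 10.49.135.0 0.0.0.255
line vty 0 4
 access-class 99 in
 password 7 0123456789ABCDEF
 transport input telnet ssh
"""

PLACEHOLDER = "<removed>"  # assumed marker; use whatever your team prefers

# Each rule captures the keyword prefix (group 1) and the secret (group 2).
# The first rule that matches a line wins.
_RULES = [
    # "password 7 ...", "enable secret 5 ...", "username x secret 5 ...", "key 7 ..."
    re.compile(r"^(.*\b(?:password|secret|key)\s+\d+\s+)(\S+)", re.I),
    # Same keywords with no type digit: the value is stored in clear text.
    re.compile(r"^(.*\b(?:password|secret)\s+)(?!\d+\s)(\S+)", re.I),
    # SNMP community strings act as passwords as well.
    re.compile(r"^(\s*snmp-server community\s+)(\S+)", re.I),
]


def redact_config(text):
    """Return (sanitized_text, redacted_line_count) for an IOS-style config."""
    out, count = [], 0
    for line in text.splitlines():
        for rule in _RULES:
            # Keep the keyword prefix and the rest of the line, drop the value.
            new, n = rule.subn(lambda m: m.group(1) + PLACEHOLDER, line, count=1)
            if n:
                line, count = new, count + 1
                break
        out.append(line)
    return "\n".join(out) + "\n", count


if __name__ == "__main__":
    sanitized, n = redact_config(SAMPLE_CONFIG)
    print(sanitized, end="")
    print(f"! {n} secret value(s) replaced")
```

ACLs, line settings and commands such as "service password-encryption" pass through unchanged, so the sanitized output is still useful for troubleshooting.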
Thanks for helping guys, I've already found my mistake. Thanks.
Hello Josiah
Would you mind sharing where the issue was so that it will be helpful for all of us in troubleshooting similar access issues?
Regards,
Anup
Don't forget to rate if you found this helpful!