10-28-2013 04:18 PM - edited 03-07-2019 04:17 PM
Hi, I'm trying to telnet to 10.63.205.134 but I still can't connect to it. This IP is already permitted on the ACL. I also tried to open ports on the Windows firewall but I still can't telnet to it. Is there something I must do on the router config? Thanks
access-list 1 permit any
access-list 99 permit 172.20.251.49
access-list 99 permit 172.20.251.53
access-list 99 permit 10.63.205.133
access-list 99 permit 10.49.145.75
access-list 99 permit 222.127.8.240 0.0.0.15
access-list 99 permit 10.49.174.16 0.0.0.15
access-list 99 permit 10.49.135.0 0.0.0.255
access-list 99 permit 10.198.164.36 0.0.0.3
access-list 99 permit 10.198.164.164 0.0.0.3
line con 0
 exec-timeout 5 0
 password 7 xxxxxxx
 logging synchronous
line aux 0
 exec-timeout 5 0
 password 7 xxxxxxx
 no exec
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 0/0/0 0/0/1
 script dialer gsm
 no exec
 rxspeed 7200000
 txspeed 5760000
line vty 0 4
 access-class 99 in
 exec-timeout 5 0
 password 7 xxxxx
 logging synchronous
 transport input telnet ssh
line vty 5 15
 access-class 99 in
 exec-timeout 5 0
 privilege level 15
 password 7 xxxxxxx
 logging synchronous
 transport input telnet ssh
10-28-2013 04:22 PM
Is 10.63.205.134 the address of the router?
10-28-2013 04:30 PM
Yes, that's the address of the router. My workstation IP was 10.49.135.169. But this IP was already permitted on the ACL -> access-list 99 permit 10.49.135.0 0.0.0.255.
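An added example, not part of the original thread: a small Python evaluator for the standard ACL posted above, showing which source addresses `access-class 99 in` admits on the vty lines (it filters on the source address of the incoming session). The function names `parse_acl` and `evaluate` are this example's own; the ACL lines are copied from the posted configuration.

```python
import ipaddress

# ACL lines as posted in the thread (access-list 1 is kept to show filtering by number).
ACL_TEXT = """\
access-list 1 permit any
access-list 99 permit 172.20.251.49
access-list 99 permit 172.20.251.53
access-list 99 permit 10.63.205.133
access-list 99 permit 10.49.145.75
access-list 99 permit 222.127.8.240 0.0.0.15
access-list 99 permit 10.49.174.16 0.0.0.15
access-list 99 permit 10.49.135.0 0.0.0.255
access-list 99 permit 10.198.164.36 0.0.0.3
access-list 99 permit 10.198.164.164 0.0.0.3
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(text, number):
    """Return (action, base, wildcard, line) tuples for one numbered standard ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        rest = [t for t in tok[3:] if t != "log"]  # "log" does not affect matching
        if rest[0] == "any":
            addr, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wc = rest[1], "0.0.0.0"
        else:  # an address with no wildcard mask matches that single host
            addr, wc = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((tok[2], to_int(addr), to_int(wc), line.strip()))
    return entries

def evaluate(entries, source):
    """First match wins; a source matching no entry hits the implicit deny."""
    src = to_int(source)
    for action, base, wc, line in entries:
        # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
        if (src | wc) == (base | wc):
            return action, line
    return "deny", "implicit deny any"

if __name__ == "__main__":
    acl99 = parse_acl(ACL_TEXT, 99)
    for ip in ("10.49.135.169", "10.63.205.133", "10.63.205.134", "10.198.164.40"):
        print(ip, *evaluate(acl99, ip))
```

Run against the posted list, the workstation address 10.49.135.169 matches the `10.49.135.0 0.0.0.255` entry, while 10.63.205.134 matches no entry and falls through to the implicit deny.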
10-28-2013 04:53 PM
Hello Josiah
The first thing I would do to troubleshoot this issue from the router-end access list would be to
try and give a temporary permit any statement
(or)
give a deny any log to reflect access list denies on the logs
(or)
run a debug while trying to telnet
Regards,
Anup
Don't forget to rate if you found this helpful !
10-28-2013 05:00 PM
The problem was I'm at my client's HQ and there's no way I can access it. I think I'll endorse this to our ISP.
10-28-2013 05:08 PM
I'd also check the router from a known good location (or console) and validate that there are open vty lines ("show line").
BTW, it's not recommended to post type 7 passwords in your posts - they are easily cracked by using any number of sites with type 7 password crackers. (e.g., http://www.ibeast.com/content/tools/CiscoPassword/ )
10-28-2013 05:50 PM
Hi Marvin, thanks for noting about the type 7 password. Is there another way to configure passwords that can't be decrypted? Thanks
10-28-2013 06:07 PM
When you post in a forum, simply edit out that bit and replace with
As far as good device security, best common practice is to use the "enable secret" method (also described in the reference above) for local authentication and point to an external TACACS server for aaa services (including authentication).
10-28-2013 05:40 PM
Thanks for helping guys, I've already found my mistake. Thanks.
10-29-2013 10:23 AM
Hello Josiah
Would you mind sharing where the issue was so that it will be helpful for all of us in troubleshooting similar access issues ?
Regards,
Anup
Don't forget to rate if you found this helpful !