Solved: Telnet connection from home network - Page 2

sany98 · ‎05-16-2018

Hi

I'm trying to setup my first home lab but I'm having an issue with telnet from my home network. I have successful connected an router 2811, switch 3560v2 and an pc1. 2811 gets internet access form my home router (netgear) and switch and pc1 gets access through 2811. I can ping 2811 from pc1(192.168.2.2) and have access through telnet. When I try to telnet from pc2(192.168.1.2) to 2811 it doesn't work, however I can ping 2811 and I get answer but no telnet connection. Thank you in advance!

Here is config print:

R3#show running-config

Building configuration...

Current configuration : 1129 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$lC3V$eShhVLFZQqb2inIdLkRDF0

!

no aaa new-model

!

resource policy

!

ip subnet-zero

!

ip cef

no ip dhcp use vrf connected

!

ip dhcp pool labuser

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 8.8.8.8

!

no ftp-server write-enable

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

clockrate 2000000

!

interface Serial0/0/1

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.254

!

no ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit any

!

control-plane

!

line con 0

line aux 0

line vty 0 4

password cisco

login

!

scheduler allocate 20000 1000

!

end

R3#

Georg Pauwen · ‎05-23-2018

Hello,

post the configs of all your routers...

sany98 · ‎05-23-2018

R2 gets internet connection from home network.

R1
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$GmPH$sQ0WE0JzfH3xtD59VY59C/
!
no aaa new-model
memory-size iomem 10
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
ip address 11.0.0.1 255.0.0.0
!
ip forward-protocol nd
ip route 11.0.0.0 255.0.0.0 11.0.0.2
ip route 12.0.0.0 255.0.0.0 11.0.0.2
ip route 192.168.1.0 255.255.255.0 11.0.0.2
ip route 192.168.3.0 255.255.255.0 11.0.0.2
ip route 192.168.4.0 255.255.255.0 11.0.0.2
no ip http server
no ip http secure-server
!
!
!
access-list 1 permit any
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
end

R2

Building configuration...

Current configuration : 1662 bytes
!
! Last configuration change at 19:39:50 UTC Wed May 23 2018 by
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip domain name sanelccent.org
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FCZ094871GQ
username sanel privilege 15 secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.88 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
ip address 12.0.0.1 255.0.0.0
ip nat inside
ip virtual-reassembly in
clock rate 2000000
!
interface Serial0/0/1
ip address 11.0.0.2 255.0.0.0
ip nat inside
ip virtual-reassembly in
clock rate 2000000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 11.0.0.0 255.0.0.0 11.0.0.1
ip route 12.0.0.0 255.0.0.0 12.0.0.2
ip route 192.168.2.0 255.255.255.0 11.0.0.1
ip route 192.168.4.0 255.255.255.0 12.0.0.2
!
access-list 1 permit any
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login local
transport input all
!
scheduler allocate 20000 1000
end

R2#

R3

R3#show run
Building configuration...

Current configuration : 1131 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$pBLN$mnP43U.Yl7b82hnJOxoBA.
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/0/1
ip address 12.0.0.2 255.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 11.0.0.0 255.0.0.0 12.0.0.1
ip route 12.0.0.0 255.0.0.0 12.0.0.1
ip route 192.168.1.0 255.255.255.0 11.0.0.2
ip route 192.168.2.0 255.255.255.0 12.0.0.1
ip route 192.168.3.0 255.255.255.0 12.0.0.1
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
end

R3#

sany98 · ‎05-23-2018

sany98 · ‎05-23-2018

sany98 · ‎05-23-2018

sany98 · ‎05-23-2018

sany98 · ‎05-23-2018

sany98 · ‎05-23-2018

sany98 · ‎05-23-2018

sany98 · ‎05-23-2018

I had problems posting R2 config because system didn't like some lines and blocked it as spam. I believe it was ssh config so I had to remove it. That's why R2 config is not complete, but I believe it should be enough.

Georg Pauwen · ‎05-23-2018

Hello,

on R2 (the middle router that does the NAT), change:

ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 11.0.0.0 255.0.0.0 11.0.0.1
ip route 12.0.0.0 255.0.0.0 12.0.0.2
ip route 192.168.2.0 255.255.255.0 11.0.0.1
ip route 192.168.4.0 255.255.255.0 12.0.0.2
!
access-list 1 permit any

to:

ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 11.0.0.0 255.0.0.0 11.0.0.1
ip route 12.0.0.0 255.0.0.0 12.0.0.2
ip route 192.168.2.0 255.255.255.0 11.0.0.1
ip route 192.168.4.0 255.255.255.0 12.0.0.2
!
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any

sany98 · ‎05-23-2018

hi

I have changed but still can't access from telnet or ping from my home network 192.168.1.. to 192.168.2 ,192.168.3 and 192.168.4 networks.

sany98 · ‎05-23-2018

Georg Pauwen · ‎05-24-2018

Hello,

on your translating router, R2, change access list 1 from:

access-list 1 permit any

to

access-list 1 permit 11.0.0.0
access-list 1 permit 12.0.0.0
access-list 1 permit 192.168.2.0
access-list 1 permit 192.168.3.0
access-list 1 permit 192.168.4.0

Allowing anything is never a good idea, since it translates the outgoing interface as well...

sany98 · ‎05-24-2018

Hi

i have changed but still can't access (ping or telnet) 2,3 and 4 networks from my home network 192.168.1..