10-09-2015 04:28 AM
Hi all,
I've been racking my brains all evening trying to sort this one out and I'm convinced it's an IOS bug. I have another Cisco 877 with telnet working absolutely perfectly from telnet via LAN (vrf) and WAN. It's running c870-advsecurityk9-mz.124-15.T10.
The problematic 877 is running version c870-advsecurityk9-mz.124-24.T6. No matter what I do, I cannot telnet into the WAN connection at all - I constantly get the message "% Connection refused by remote host" (I can telnet into the LAN IP via the vrf perfectly fine). Here's the running-config:
Current configuration : 2764 bytes
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname roma
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 xxx
enable password xxx
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
!
!
!
username xx privilege 15 password 0 xx
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface Tunnel2410
description tunnel
ip address xx.xx.xx.xx xx.xx.xx.xx
no ip redirects
ip nhrp authentication xx
ip nhrp map multicast xx
ip nhrp map xx.xx.xx.xx xx.xx.xx.xx
ip nhrp network-id 1
ip nhrp nhs xx.xx.xx.xx
ip nhrp registration timeout 30
tunnel source Dialer1
tunnel mode gre multipoint
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address xx.xx.xx.xx xx.xx.xx.xx
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface Dialer1
bandwidth 1000
bandwidth receive 22300
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname xx@xx.xx.xx
ppp chap password 0 xx
ppp pap sent-username xx@xx.xx.xx password 0 xx
ppp ipcp route default
!
router rip
version 2
redistribute connected
redistribute static
network xx.xx.xx.xx
network xx.xx.xx.xx
distribute-list 2 out
no auto-summary
!
ip forward-protocol nd
ip route xx.xx.xx.xx xx.xx.xx.xx xx.xx.xx.xx name xx
ip http server
no ip http secure-server
!
!
logging xx.xx.xx.xx
access-list 1 permit xx.xx.xx.xx xx.xx.xx.xx
access-list 2 remark rip distribute list
access-list 2 permit xx.xx.xx.xx xx.xx.xx.xx
access-list 2 permit xx.xx.xx.xx xx.xx.xx.xx
access-list 2 deny any
access-list 60 permit xx.xx.xx.xx xx.xx.xx.xx
access-list 60 permit xx.xx.xx.xx xx.xx.xx.xx
!
!
!
snmp-server community xx RO
!
control-plane
!
!
line con 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
login local
transport input all
transport output all
!
scheduler max-task-time 5000
end
Here's the output from show line:
xx# sh line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
0 CTY - - - - - 0 0 0/0 -
1 AUX 0/0 - - - - - 0 0 0/0 -
* 2 VTY - - - - - 70 0 0/0 -
3 VTY - - - - - 5 0 0/0 -
4 VTY - - - - - 0 0 0/0 -
5 VTY - - - - - 0 0 0/0 -
6 VTY - - - - - 0 0 0/0 -
Cheers, Mike
10-09-2015 05:22 AM
Hi, you're running a K9 image, so try SSH and see if it's the same; it should identify whether or not it's a bug that just affects telnet. Is there anything in front of the router that could be blocking it? You should have an access-class on that vty port as it's WAN facing.
ip ssh version 2
ip ssh timeout 120
ip domain-name xxx
crypto key generate rsa modulus 1024
You could also try setting it just for telnet to see if that helps:
transport input telnet
transport preferred telnet
If you debug telnet, is anything hitting it at all?
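The reply's point about an access-class on a WAN-facing vty can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit that flags `line vty` stanzas with no inbound access-class or with a transport other than SSH only. The sample configs are constructed from the posted stanza; the function names and the use of ACL 60 in the hardened variant are assumptions.

```python
import re

# Constructed samples: the vty stanza as posted in the thread, and a hardened
# variant (the choice of ACL 60 and ssh-only transport is an assumption).
POSTED = """\
line aux 0
line vty 0 4
 login local
 transport input all
 transport output all
!
scheduler max-task-time 5000
"""
HARDENED = """\
line vty 0 4
 access-class 60 in
 login local
 transport input ssh
!
"""

def vty_stanzas(config):
    """Yield (header, subcommands) per 'line vty' stanza. A stanza ends at '!'
    or the next 'line ...' header, so pastes that lost indentation still parse."""
    header, body = None, []
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "!" or line.startswith("line "):
            if header:
                yield header, body
            header, body = (line if line.startswith("line vty") else None), []
        elif header and line:
            body.append(line)
    if header:
        yield header, body

def audit_vty(config):
    """Return (stanza, finding) pairs for exposed vty lines."""
    findings = []
    for header, body in vty_stanzas(config):
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append((header, "no inbound access-class"))
        inputs = [c.split()[2:] for c in body if c.startswith("transport input")]
        allowed = inputs[-1] if inputs else ["(release default)"]
        if allowed != ["ssh"]:
            findings.append((header, "transport input allows " + " ".join(allowed)))
    return findings

if __name__ == "__main__":
    for stanza, finding in audit_vty(POSTED):
        print(f"{stanza}: {finding}")
```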