06-24-2008 03:31 AM
I'm not able to gain access to my cisco 1841 via telnet from remote. I can telnet to any inside interface without problem, but not to the dialer interface. Trying to scanning for open ports from remote i only get ftp port 21 (i don't know why since i havn't forwarded any ftp port) and SSH port 443, but not telnet port 23. Router is configured with HWIC-1ADSL card for DSL connection and HWIC-AP-G-E for wireless connections.
Hereafter relevant config.
Thanks
06-24-2008 03:46 AM
06-24-2008 07:06 AM
Hi,
Can you paste the output of show ip int brief.
Regards,
Pravin
06-24-2008 01:49 PM
Hi,
here is the ip int brief.
thanks
CISCO1841#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES NVRAM up up
FastEthernet0/1 192.168.2.1 YES NVRAM up up
ATM0/0/0 unassigned YES NVRAM up up
Dot11Radio0/1/0 unassigned YES NVRAM up up
Dot11Radio0/1/0.1 192.168.2.129 YES NVRAM up up
Dot11Radio0/1/0.2 192.168.3.1 YES NVRAM up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up
Dialer1 151.16.203.203 YES IPCP up up
06-24-2008 01:51 PM
Hi,
here is the ip int brief.
thanks
CISCO1841#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES NVRAM up up
FastEthernet0/1 192.168.2.1 YES NVRAM up up
ATM0/0/0 unassigned YES NVRAM up up
Dot11Radio0/1/0 unassigned YES NVRAM up up
Dot11Radio0/1/0.1 192.168.2.129 YES NVRAM up up
Dot11Radio0/1/0.2 192.168.3.1 YES NVRAM up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up
Dialer1 151.16.203.203 YES IPCP up up
06-24-2008 10:34 AM
Try removing:
ip nat inside source static 192.168.3.2 interface Dialer1
... and see if that works.
06-25-2008 12:40 AM
Hi,
trying to remove the line you suggested didn't solve the problem.
Btw, just to be as much clear as possible about the problem, i can telnet any router interface (even the dialer one) from the internal network, but when i telnet the dialer interface from remote i don't get any response. The router is connected to internet and client PCs can surf without problem. Another "strange behaviour" of the router is that i'm not able to ping any external address when i'm in telnet or console on the router.
If i execute an extended ping, specifying one of the two fast ethernet interfaces as the source address, the ping works fine. I think that this problem has something to do with the telnet problem.
06-25-2008 01:06 AM
Hi,
The ACL which have been configured are they applied on any interface ? I dont see it applied to any interface only "ip access-group TELEFONO-VOIP-INGRESSO in"
Also if possible remove the radius config and check if you are able to telnet.
Regards,
Pravin
06-25-2008 01:49 AM
Hi,
you need only one statement for "ip nat ... overload". That is, you should combine the two ACLs into one and use it.
I haven't check if you have any ACL blocking telenet, so begin trying the above first.
06-25-2008 04:07 AM
Hi guys,
first of all i wanted to thank all of you for your support :-)
As for the config is concerns, don't waste time looking at the access lists which are actually not applied except for the VOIP one.
I'll try to remove the radius and see what happens.
To Paolo : I agree with you about the nat pool in that i could join the two pools into a single access list, but shouldn't it work anyway?
thanks
06-25-2008 04:21 AM
It could, fact is that I've never seen doing that and is not the recommended way.
06-25-2008 11:20 PM
Hi Paolo,
i just tried to follow your suggestion concerning the two access lists and nat, but unfortunately nothing has changed.still not able to telnet. Do you think a reboot is needed?
Thanks
06-26-2008 06:42 AM
I'm curious, who is your internet provider? Is is possible that they are blocking your telnet attempts?
I have a Cisco 800 series that I've never been able to ssh to from the outside. I tried a million things and just could not figure out why I couldn't get in. After giving up on it, I had a friend tell me that he heard that our cable provider blocks inbound connections like telnet and ssh.
Have you tried unplugging from your provider and plugging in a laptop to the outside connection of the router? Then you could try to ssh to the router from the "outside" and see if it works. If it works, then you know that your ISPs is blocking, and if it doesn't then you know that it is just a configuration issue.
I'm going to do that with my router whenever I have some time to kill.
06-26-2008 06:53 AM
Hi,
i'm quite sure it's not an ISP related problem cause since a couple of weeks ago i was using a cisco 877w router on the same connection and it was reachable from outside via telnet.
06-30-2008 06:11 AM
so nobody came out with a solution??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide