Re: [nsp] Basic NAT Question

From: Luan M. Nguyen (lmnguyen@UU.NET)
Date: Wed Oct 03 2001 - 23:07:40 EDT


I would remove all the NAT things to see if you can telnet to the
box, etc. Do step-by-step troubleshooting :)
I remember long ago I had a static IP through DSL and wanted my whole
family to get to the Internet, so I did the overload and also had a
web, DNS and mail server running, so I did the port mapping thing.
But I think your problem is because of access-list 1. Check that one to
make sure that it includes just the LAN blocks and not any any, since the
return telnet traffic could be NATted. Turn on debug to see.
Good luck.

rgs/lmn
 
P.S. I think the error if you don't set the password is "password required
but none set".

On Wed, 3 Oct 2001, Ken Reiss wrote:

> Nick,
>
> Thanks for the suggestion! Perhaps we'll try that, if we can't get it to work
> this way. We do have the following lines in there:
>
> username the_username privilege 15 password 0 the_password
> !
> line vty 0 4
> login local
>
> which has worked fine in other configs we have done. Might anyone have any
> suggestions on how we can get this router to allow us to telnet into it?
>
> Thank you very much,
> Ken Reiss.
>
>
>
> Nick wrote:
>
> > Ken,
> >
> > I hope I am not teaching you to suck eggs with this reply. I don't know much
> > about the 802, but did you add:
> >
> > line vty 0 4
> > login
> > password suckeggs
> > exit
> >
> > Normally if you don't it will pop back with a "% Connection refused by
> > remote host".
> >
> > -nick
> >
> > ----- Original Message -----
> > From: "Ken Reiss" <KReiss@PortONE.com>
> > To: "Chris Roberts" <croberts@bongle.co.uk>; "Richard Golodner"
> > <RGolodner@Aetea.com>
> > Cc: "Cisco Mailing List" <cisco-nsp@puck.nether.net>
> > Sent: Thursday, October 04, 2001 4:52 AM
> > Subject: Re: [nsp] Basic NAT Question
> >
> > > Thanks for the replies, guys.
> > >
> > > The advice to lock down the ports makes good sense. The client swore they
> > > didn't want it locked down, but we've finally convinced him otherwise. So,
> > > we went into the router (via console) and removed the "ip nat inside source
> > > static..." line altogether, which (correct me if I'm wrong) should have
> > > allowed me to telnet into the router via Internet. However, I still could
> > > not telnet into the router, receiving "% Connection refused by remote host"
> > > error.
> > >
> > > Perhaps the newer IOS (I'm not sure what's in here, since I can't telnet
> > > into it) has to implicitly allow telnet logins?
> > >
> > > Perhaps anyone can lend a suggestion?
> > >
> > > Thanks!
> > > Ken.
> > >
> > >
> > > Chris Roberts wrote:
> > >
> > > > On Wed, Oct 03, 2001 at 01:31:04PM -0400, Ken Reiss wrote:
> > > > [ ... ]
> > > > > ip nat translation timeout 1800
> > > > > ip nat inside source list 1 interface Dialer1 overload
> > > > > ip nat inside source static 172.17.253.2 209.101.148.208
> > > > >
> > > >
> > > > This command will redirect all ports including telnet unfortunately. You
> > > > could either redirect just the ports you want, or you might be able to
> > > > do something icky like set up a static NAT mapping for port 23 to the
> > > > router's internal IP, or even a loopback IP preferably.
> > > >
> > > > Cheers,
> > > > Chris.
> > > >
> > > > >
> > > > > Thank you very much,
> > > > > Ken Reiss.
> > > > >
> > > >
> > > > Cheers,
> > > > Chris.
> > > > --
> > > > |=========----- -------=======|
> > > > | Chris Roberts (croberts@bongle.co.uk) |
> > > > |=======------- -----=========|
> > >
> > > --
> > >
> > >
> > >
> > > *************************
> > > Kenneth A. Reiss
> > > Port One Internet, Inc.
> > > 160 Chapel Road
> > > Manchester, CT 06040
> > > 860-722-3000
> > > 860-533-0033
> > > Fax: 533-7225
> > > *************************
> > >
> > >
>
>
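Added example, not part of the original thread: a small Python check for the two NAT issues raised above, an overload ACL that permits more than the LAN blocks and a static NAT entry with no port that maps every port. The `access-list 1` entries in the sample are constructed (the thread never shows them), `audit_nat` is a hypothetical helper name, and only numbered standard ACLs are handled.

```python
import re

# Constructed sample: the NAT lines are the ones quoted in the thread; the
# access-list 1 entries are assumptions, since the thread never shows them.
SAMPLE_CONFIG = """\
ip nat translation timeout 1800
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 172.17.253.2 209.101.148.208
access-list 1 permit 172.17.253.0 0.0.0.255
access-list 1 permit any
"""

OVERLOAD = re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload$")
STD_ACL = re.compile(r"^access-list (\d+) (permit|deny) (\S+)(?: (\S+))?$")
# Two addresses and nothing else: the form without protocol/port, which maps all ports.
STATIC_ALL = re.compile(r"^ip nat inside source static (\d\S*) (\d\S*)$")


def audit_nat(config):
    """Return (kind, detail) findings for the two NAT issues raised in the thread."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = {}
    for ln in lines:
        m = STD_ACL.match(ln)
        if m:
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
    findings = []
    for ln in lines:
        m = OVERLOAD.match(ln)
        if m:
            acl = m.group(1)
            entries = acls.get(acl)
            if entries is None:
                findings.append(("nat-acl-missing", f"access-list {acl} not defined"))
            for action, src, wildcard in entries or []:
                # "permit any" (or a 255.255.255.255 wildcard) matches far more
                # than the LAN blocks the overload rule is meant to translate.
                if action == "permit" and (src == "any" or wildcard == "255.255.255.255"):
                    findings.append(("nat-acl-too-broad", f"access-list {acl} permit {src}"))
        m = STATIC_ALL.match(ln)
        if m:
            findings.append(("static-nat-all-ports", f"{m.group(1)} -> {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_nat(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```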


