Re: [nsp] Basic NAT Question

From: Ken Reiss (KReiss@PortONE.com)
Date: Wed Oct 03 2001 - 22:18:56 EDT


Nick,

Thanks for the suggestion! Perhaps we'll try that, if we can't get it to work
this way. We do have the following lines in there:

username the_username privilege 15 password 0 the_password
!
line vty 0 4
 login local

which has worked fine in other configs we have done. Might anyone have any
suggestions on how we can get this router to allow us to telnet into it?

Thank you very much,
Ken Reiss.

Nick wrote:

> Ken,
>
> I hope I am not teaching you to suck eggs with this reply. Don't know much
> about the 802 but did you add:
>
> line vty 0 4
> login
> password suckeggs
> exit
>
> Normally if you don't it will pop back with a "% Connection refused by
> remote host".
>
> -nick
>
> ----- Original Message -----
> From: "Ken Reiss" <KReiss@PortONE.com>
> To: "Chris Roberts" <croberts@bongle.co.uk>; "Richard Golodner"
> <RGolodner@Aetea.com>
> Cc: "Cisco Mailing List" <cisco-nsp@puck.nether.net>
> Sent: Thursday, October 04, 2001 4:52 AM
> Subject: Re: [nsp] Basic NAT Question
>
> > Thanks for the replies, guys.
> >
> > The advice to lock down the ports makes good sense. The client swore they
> > didn't want it locked down, but we've finally convinced him otherwise. So,
> > we went into the router (via console) and removed the "ip nat inside source
> > static..." line altogether, which (correct me if I'm wrong) should have
> > allowed me to telnet into the router via Internet. However, I still could
> > not telnet into the router, receiving "% Connection refused by remote host"
> > error.
> >
> > Perhaps the newer IOS (I'm not sure what's in here, since I can't telnet
> > into it) has to implicitly allow telnet logins?
> >
> > Perhaps anyone can lend a suggestion?
> >
> > Thanks!
> > Ken.
> >
> >
> > Chris Roberts wrote:
> >
> > > On Wed, Oct 03, 2001 at 01:31:04PM -0400, Ken Reiss wrote:
> > > [ ... ]
> > > > ip nat translation timeout 1800
> > > > ip nat inside source list 1 interface Dialer1 overload
> > > > ip nat inside source static 172.17.253.2 209.101.148.208
> > > >
> > >
> > > This command will redirect all ports including telnet unfortunately. You
> > > could either redirect just the ports you want, or you might be able to
> > > do something icky like set up a static NAT mapping for port 23 to the
> > > router's internal IP, or even a loopback IP preferably.
> > >
> > > Cheers,
> > > Chris.
> > >
> > > >
> > > > Thank you very much,
> > > > Ken Reiss.
> > > >
> > >
> > > Cheers,
> > > Chris.
> > > --
> > > |=========----- -------=======|
> > > | Chris Roberts (croberts@bongle.co.uk) |
> > > |=======------- -----=========|
> >
> > --
> >
> >
> >
> > *************************
> > Kenneth A. Reiss
> > Port One Internet, Inc.
> > 160 Chapel Road
> > Manchester, CT 06040
> > 860-722-3000
> > 860-533-0033
> > Fax: 533-7225
> > *************************
> >
> >

--

*************************
Kenneth A. Reiss
Port One Internet, Inc.
160 Chapel Road
Manchester, CT 06040
860-722-3000
860-533-0033
Fax: 533-7225
*************************
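
Added example, not part of the original messages: a simplified Python model of the static NAT lookup Chris Roberts describes in the quoted reply, showing where an inbound connection to 209.101.148.208 lands with the whole-address mapping from the thread versus port-specific mappings. The forwarded ports (TCP 80 and 25), the function names and the lookup order (port entries before whole-address entries) are assumptions made for illustration.

```python
# Config lines quoted in the thread: whole-address static mapping.
ORIGINAL = """
ip nat translation timeout 1800
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 172.17.253.2 209.101.148.208
"""

# Constructed alternative: forward only selected ports (80 and 25 are assumed).
PORT_ONLY = """
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 172.17.253.2 80 209.101.148.208 80
ip nat inside source static tcp 172.17.253.2 25 209.101.148.208 25
"""


def parse_static_nat(config):
    """Return (port_rules, host_rules) built from the static NAT lines."""
    port_rules, host_rules = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
            continue  # dynamic/overload and unrelated lines are not modelled
        args = tok[5:]
        if len(args) >= 5 and args[0] in ("tcp", "udp"):
            proto, local_ip, local_port, global_ip, global_port = args[:5]
            port_rules[(global_ip, proto, int(global_port))] = (local_ip, int(local_port))
        elif len(args) >= 2:
            local_ip, global_ip = args[:2]
            host_rules[global_ip] = local_ip  # every port on global_ip is mapped
    return port_rules, host_rules


def inbound_target(config, dst_ip, proto, port):
    """Inside (ip, port) an outside packet is translated to, or None if untranslated."""
    port_rules, host_rules = parse_static_nat(config)
    if (dst_ip, proto, port) in port_rules:
        return port_rules[(dst_ip, proto, port)]
    if dst_ip in host_rules:
        return (host_rules[dst_ip], port)
    return None  # no translation: the packet goes to whatever owns dst_ip


if __name__ == "__main__":
    for name, cfg in (("whole-address", ORIGINAL), ("port-specific", PORT_ONLY)):
        for port in (23, 80):
            print(name, "tcp", port, "->", inbound_target(cfg, "209.101.148.208", "tcp", port))
```
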


