Re: How do you change tcp port for telnet on a router? [7:64841]
that argument does not exist with the password command atleast for the ios vers i have. what ios r u using. normally when there is an arrgument a space delimites it. telnet 3001, will actually try to resolve 3001 to an ip(ie, if ip host is being used) could u develop a bit on this? Regards, Amar. Dimitrije a icrit dans le message de news: [EMAIL PROTECTED] line vty 3 4 password LetMeInPort3001 login rotary 1 ! telnet 3001 allows you to telnet into router at port 3001 [EMAIL PROTECTED] wrote: How do you change tcp port for telnet on a router? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64841t=64841 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do you change tcp port for telnet on a router? [7:64856]
argument in the password commnad is actually the un-encrypted password. telnet ip_address 3001 will get you a cisco password promt at port 3001. Amar KHELIFI wrote: that argument does not exist with the password command atleast for the ios vers i have. what ios r u using. normally when there is an arrgument a space delimites it. telnet 3001, will actually try to resolve 3001 to an ip(ie, if ip host is being used) could u develop a bit on this? Regards, Amar. Dimitrije a icrit dans le message de news: [EMAIL PROTECTED] line vty 3 4 password LetMeInPort3001 login rotary 1 ! telnet 3001 allows you to telnet into router at port 3001 [EMAIL PROTECTED] wrote: How do you change tcp port for telnet on a router? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64856t=64856 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do you change tcp port for telnet on a router? [7:64857]
the un-encrypted password, well, obviously. telnet x.x.x.x 3001 will hit one of the available terminal lines on rotary group 1, when u run it from a cisco router, other wise, from an os point of view the argument would be the port number that the telnet service listens on. the question was, if the telnet service can sit on a port other than 23, in a cisco router or switch for that matter. i have not a found a way to do it(but, i haev not looked ver hard, either), but it can be done by nating the tcp port of a giving ip, efectively arriving at the desired solution. u could use ip alias command to bind an ip to a giving line, or port, much like what happens automatically with async links. Dimitrije a icrit dans le message de news: [EMAIL PROTECTED] argument in the password commnad is actually the un-encrypted password. telnet ip_address 3001 will get you a cisco password promt at port 3001. Amar KHELIFI wrote: that argument does not exist with the password command atleast for the ios vers i have. what ios r u using. normally when there is an arrgument a space delimites it. telnet 3001, will actually try to resolve 3001 to an ip(ie, if ip host is being used) could u develop a bit on this? Regards, Amar. Dimitrije a icrit dans le message de news: [EMAIL PROTECTED] line vty 3 4 password LetMeInPort3001 login rotary 1 ! telnet 3001 allows you to telnet into router at port 3001 [EMAIL PROTECTED] wrote: How do you change tcp port for telnet on a router? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64857t=64857 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How do you change tcp port for telnet on a router? [7:64382]
How do you change tcp port for telnet on a router? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64382t=64382 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do you change tcp port for telnet on a router? [7:64402]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 +--- On Tuesday, March 04, 2003 14:13, [EMAIL PROTECTED] proclaimed: | | How do you change tcp port for telnet on a router? | supposing you wanted to telnet to the router using port 10023... ! ingress interface for telnet session ! int e0 ip addr 192.168.0.1 255.255.255.0 ip access-group TELNET_PT_ACL in ip nat outside ! int loop0 ip addr 1.1.1.1 255.255.255.255 ip nat inside ! ip nat inside source static 1.1.1.1 23 192.168.0.1 10023 extend ! ip access-list ex TELNET_PT_ACL deny tcp any 192.168.0.1 0.0.0.0 eq 23 permit any - -- +---+--+ |Michael W. Oliver, CCNP| The tree of liberty must be | | | refreshed from time to time | |[EMAIL PROTECTED] | with the blood of patriots | |http://michael.gargantuan.com/ | and tyrants.| | ASpath-tree, Looking Glass, etc.| - President Thomas Jefferson | | +--+ | gpg key - http://michael.gargantuan.com/gnupg/pubkey.asc | +--+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+ZSUtsWv7q8X6o8kRAvVlAJ4uKsNBW9N+vsaDZnR1suXT6R7dTACgs2vs kTkaV8JLc4P+qm6Y00ymLAU= =VJcF -END PGP SIGNATURE- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64402t=64402 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do you change tcp port for telnet on a router? [7:64438]
line vty 3 4 password LetMeInPort3001 login rotary 1 ! telnet 3001 allows you to telnet into router at port 3001 [EMAIL PROTECTED] wrote: How do you change tcp port for telnet on a router? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64438t=64438 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
changing telnet port in router [7:55377]
I forgot how to change the telnet port in the router from 23. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55377t=55377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: changing telnet port in router [7:55377]
In article , [EMAIL PROTECTED] says... I forgot how to change the telnet port in the router from 23. So did I. Don't think you can, but no doubt someone will correct me if wrong. What's the reason? SSH help at all? Gaz Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55422t=55377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How come I can't telnet to my router? [7:42444]
Hi all, I configured a cisco 2600 router behind a ADSL router. It is working perfect, but I can't telnet to my router from outside, it said the target machine actively refused it. I pasted my router's configuration below, please advice. Thanks Ricky ! version 12.2 no service pad service tcp-keepalives-in service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname DSL ! enable secret 5 $1$fJh4$53q/uqBz6lsMHGhw.ex49. ! ip subnet-zero ! ! ip name-server 141.155.0.68 ip name-server 141.154.0.68 ip name-server 10.0.0.1 ip dhcp excluded-address 10.0.0.200 ! ip dhcp pool dsl import all network 10.0.0.0 255.255.255.0 default-router 10.0.0.200 dns-server 141.155.0.68 141.154.0.68 10.0.0.1 ! vpdn enable ! vpdn-group ppoe request-dialin protocol pppoe ! ! ! ! ! ! ! ! fax interface-type fax-mail mta receive maximum-recipients 0 ! ! ! ! interface Ethernet0/0 ip address 10.0.0.200 255.255.255.0 ip nat inside ip route-cache flow ip tcp adjust-mss 1452 full-duplex ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 no ip address ip route-cache flow no keepalive half-duplex pppoe enable pppoe-client dial-pool-number 1 ! interface Serial0/1 no ip address shutdown ! interface Dialer1 ip address negotiated ip mtu 1492 ip nat outside encapsulation ppp ip route-cache flow dialer pool 1 dialer-group 2 ppp authentication chap callin ppp chap hostname [EMAIL PROTECTED] ppp chap password 7 11243026324158 ! router eigrp 100 network 10.0.0.0 network 192.168.100.0 no auto-summary no eigrp log-neighbor-changes ! ip nat inside source list 1 interface Dialer1 overload ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 no ip http server ip pim bidir-enable ! ! access-list 1 permit 10.0.0.0 0.0.0.255 access-list 2 permit any access-list 3 deny any dialer-list 2 protocol ip permit dialer-list 2 protocol ipx permit no cdp advertise-v2 ! call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! line con 0 exec-timeout 5 0 line aux 0 line vty 0 4 exec-timeout 5 0 password 7 051C050720 login local ! ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42444t=42444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How come I can't telnet to my router? [7:42444]
It's because you are running NAT overloaded. It assumes that all traffic it receives on the dialer interface is destined for a machine on the inside and not for itself. Since there is no static mapping, and no dynamic mapping for telnet, it is refused. That is assuming you are coming in over the dialer interface. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42446t=42444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How come I can't telnet to my router? [7:42444]
Oh, how rude of me. I explained the problem without offering a solution. The easiest (and least likely, considering it appears to be residencial DSL) is multiple IP addresses. A secondary address that is not a part of the NAT pool could be addressed from the outside. The next easiest (I hesitate to say next best, becuase this option is more secure) solution is to create a static NAT map for telnet (port specific) to an internal box (anything with telnetd will work). Then you can telnet from there to the ethernet interface of the router. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42447t=42444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How come I can't telnet to my router? [7:42444]
Ricky Chan wrote: Hi all, I configured a cisco 2600 router behind a ADSL router. You have your 2660 behind an ADSL Router? or ASDL Modem? If you're behind a DSL router, then you're more than likely being NATed by the DSL router, in which case you need to create a static port mapping that would send all incoming (from the internet) traffic on port 23 to go to the IP of the router. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42452t=42444 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: telnet to a router from anywhere - wireless!!! [7:22218]
I couldn't imagine using one of thosepalm tops are bad enough...and my typing skills do not help the matter. It would take me 5 minutes to type in one command! :) Brad Ellis 10/04/01 11:06PM Fellow geeks need to check this out, it just looks too cool (wireless telnet access): http://www.airstreamws.com/ourproducts/sshtelnet.html I just bought a RIM 957, so I'll let everyone know how well it works. thanks, -Brad Ellis CCIE#5796 Network Learning Inc [EMAIL PROTECTED] used Cisco: www.optsys.net Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=22218t=22218 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: telnet to a router from anywhere - wireless!!! [7:22166]
Fellow geeks need to check this out, it just looks too cool (wireless telnet access): http://www.airstreamws.com/ourproducts/sshtelnet.html I just bought a RIM 957, so I'll let everyone know how well it works. thanks, -Brad Ellis CCIE#5796 Network Learning Inc [EMAIL PROTECTED] used Cisco: www.optsys.net Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=22166t=22166 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
Perhaps you had an older version of TTSSH. I can't confirm that TTSSH will work with Cisco's SSH implementation (but it is what they recommend on their site): http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn524.h tm " Obtaining an SSH Client The following sites let you download an SSH v1.x client. Because SSH version 1.x and version 2 are entirely different protocols and not compatible, be sure you download a client that supports SSH v1.x. a.. Windows 3.1, Windows CE, Windows 95, and Windows NT 4.0first download the free Tera Term Pro SSH v1.x client from the following site: http://hp.vector.co.jp/authors/VA002416/teraterm.html Then add the SSH extension to Tera Term Pro, which is available at the following site: http://www.zip.com.au/~roca/ttssh.html " -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... do NOT Teraterm Pro, it doesn't work. The reason is that I think Cisco user SSH version 1.5.x or something which is something Teraterm does not support. Try putty. You can search for it from www.google.com. I had the same problem you have before. When I switch over to putty or minterm, it works like a charm. Sean From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Secure telnet to your router using SSH Date: Sat, 31 Mar 2001 11:06:37 -0500 Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsaand line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/12 1 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
Ah, as someone else posted (which I read after I posted this), TTSSH doesn't work with the newer IOS implementations of SSH. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""J Roysdon"" [EMAIL PROTECTED] wrote in message 9a99bb$5hp$[EMAIL PROTECTED]">news:9a99bb$5hp$[EMAIL PROTECTED]... Perhaps you had an older version of TTSSH. I can't confirm that TTSSH will work with Cisco's SSH implementation (but it is what they recommend on their site): http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn524.h tm " Obtaining an SSH Client The following sites let you download an SSH v1.x client. Because SSH version 1.x and version 2 are entirely different protocols and not compatible, be sure you download a client that supports SSH v1.x. a.. Windows 3.1, Windows CE, Windows 95, and Windows NT 4.0first download the free Tera Term Pro SSH v1.x client from the following site: http://hp.vector.co.jp/authors/VA002416/teraterm.html Then add the SSH extension to Tera Term Pro, which is available at the following site: http://www.zip.com.au/~roca/ttssh.html " -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... do NOT Teraterm Pro, it doesn't work. The reason is that I think Cisco user SSH version 1.5.x or something which is something Teraterm does not support. Try putty. You can search for it from www.google.com. I had the same problem you have before. When I switch over to putty or minterm, it works like a charm. Sean From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Secure telnet to your router using SSH Date: Sat, 31 Mar 2001 11:06:37 -0500 Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsaand line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/12 1 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
Thanks, Sean, PuTTY worked fine. Ruihai ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... do NOT Teraterm Pro, it doesn't work. The reason is that I think Cisco user SSH version 1.5.x or something which is something Teraterm does not support. Try putty. You can search for it from www.google.com. I had the same problem you have before. When I switch over to putty or minterm, it works like a charm. Sean From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Secure telnet to your router using SSH Date: Sat, 31 Mar 2001 11:06:37 -0500 Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsaand line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/12 1 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
glad I can help. Personally, I like mindterm because it has more bell and whistle. In either case, both putty and mindterm work well because there is no installation required. Damn, these guys are really good software developers. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Secure telnet to your router using SSH Date: Sun, 1 Apr 2001 15:15:07 -0400 Thanks, Sean, PuTTY worked fine. Ruihai ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... do NOT Teraterm Pro, it doesn't work. The reason is that I think Cisco user SSH version 1.5.x or something which is something Teraterm does not support. Try putty. You can search for it from www.google.com. I had the same problem you have before. When I switch over to putty or minterm, it works like a charm. Sean From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Secure telnet to your router using SSH Date: Sat, 31 Mar 2001 11:06:37 -0500 Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsaand line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/12 1 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
Simple CCO search of 'router ssh' found: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t1/sshv1.htm "Secure Shell Version 1 Support ... Supported Platforms a.. Cisco 1700 series b.. Cisco 2600 series c.. Cisco 3600 series d.. Cisco 7200 series e.. Cisco 7500 series f.. Cisco ubr920 series ... Prerequisites IPSec Software Image Required Before configuring the SSH server feature, you must have an IPSec encryption software image from Cisco IOS Release 12.1(1)T downloaded on your router. " Some encryption is better than plaintext, of course, but SSHv1 has been found to have a number of security holes. My suggestion would be to have a box running SSHv2 that I can securely connect to, or use an IPSEC tunnel. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""Groupstudy.com"" [EMAIL PROTECTED] wrote in message 9a38nf$kb5$[EMAIL PROTECTED]">news:9a38nf$kb5$[EMAIL PROTECTED]... I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa and line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
I'm not sure if that release supports ssh. It might have to be one of the 12.1(x)T releases. Clayton ""Groupstudy.com"" [EMAIL PROTECTED] wrote in message 9a53ff$1pr$[EMAIL PROTECTED]">news:9a53ff$1pr$[EMAIL PROTECTED]... Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa and line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
do NOT Teraterm Pro, it doesn't work. The reason is that I think Cisco user SSH version 1.5.x or something which is something Teraterm does not support. Try putty. You can search for it from www.google.com. I had the same problem you have before. When I switch over to putty or minterm, it works like a charm. Sean From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Secure telnet to your router using SSH Date: Sat, 31 Mar 2001 11:06:37 -0500 Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsaand line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
Oh, Clayton is right. The IOS I am running is 12.1.7 with 3DES. However, my previous answer is correct that you need to use putty or mindterm ssh clients because Teraterm doesn't work with Cisco SSH in version 12.1.7. I learned it the hard way. From: "Clayton Price" [EMAIL PROTECTED] Reply-To: "Clayton Price" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Secure telnet to your router using SSH Date: Sat, 31 Mar 2001 11:05:45 -0600 I'm not sure if that release supports ssh. It might have to be one of the 12.1(x)T releases. Clayton ""Groupstudy.com"" [EMAIL PROTECTED] wrote in message 9a53ff$1pr$[EMAIL PROTECTED]">news:9a53ff$1pr$[EMAIL PROTECTED]... Thanks, Clayton, But I could not connet to the router using Tera Term Pro with SSH. I know the Tera Term is working because I have been using it to connect to my PIX through SSH. My router running Version 12.0(7)XK1 with DES support. I did the following. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa and line vty 0 4 transport input all What do you think is the problem. Thanks Ruihai ""Clayton Price"" [EMAIL PROTECTED] wrote in message 9a4033$lvh$[EMAIL PROTECTED]">news:9a4033$lvh$[EMAIL PROTECTED]... Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Secure telnet to your router using SSH
I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
But just the other day *you* were the newbie asking how to do it! That's when I told you to go look for a cable stretcher... Don't go insulting the newbies now that you feel you've graduated. Z from [EMAIL PROTECTED]: By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Secure telnet to your router using SSH
Depending on the platform I think you left out some vital commands. Router(config)# hostname hostname Router(config)# ip domain-name domainname Router(config)# crypto key generate rsa http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t1/sshv1.htm#xtocid265436 Clayton Price ""Sean Young"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The answer is a very easy one. You need to download Cisco IOS with either DES or 3DES. Furthermore, you will need to do this: line vty 0 4 transport input ssh That will do the trick. If you want to be even more secure, implement TACACS server instead of local account. By the way "transport input ssh" essentially cut-off telnet to your router. I've heard of newbies in this group suggesting of implementing access-list to prevent. That's not the right way to do it. Another thing, remember Cisco IOS only supports SSH version 1 and keep in mind that SSH 1 does have security vulnerabilities. F___ those bastards at Cisco for not implementing SSH2 on Cisco IOS. From: "Groupstudy.com" [EMAIL PROTECTED] Reply-To: "Groupstudy.com" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure telnet to your router using SSH Date: Fri, 30 Mar 2001 18:24:02 -0500 I have been using SSH to secure my telnet connection toPIX. Does anyone know how to do the samething to IOS router? Thanks Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Telnet to a Router
I am trying to telnet to a 2514 router from work. I have a Linksys BEFSR41 ethernet/dsl router on my incoming cable line. I have enabled port forwarding for telnet (port 23) on this router. I have also set up vty on the 2514. When I try to telnet to the wan interface of the Linksys forwarded to the ethernet interface on the 2514 I get the message "Could not open a connection to host: Connection failed". But if I remote access an NT server inside my home net (on internal address space), from there I can telnet (on the private address space) to the same ethernet interface and connect. Since I can remote access my NT box, port forwarding on the Linksys router is working. Also the 2514 should be set properly since I can telnet in from within my lan. I must be overlooking something but I cannot figure it out. I would appreciate any ideas or assistance. TIA Mark _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet to a Router
Hi Mark, Could it be that the router doesn't know where to send packets it is trying to reply to? Try adding a static route to your gateway, so packets coming in will know where to go (your gateway) once it arrives. ip route 0.0.0.0 0.0.0.0 e0 That is one way of doing it. Please make suggestions if there is better way. Of course you could use a routing protocol, but thats abit complicated when all you want to do is telnet in. Regards, Albert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Rose Sent: Tuesday, 6 March 2001 4:28 To: Cisco@Groupstudy. Com (E-mail) Subject: Telnet to a Router I am trying to telnet to a 2514 router from work. I have a Linksys BEFSR41 ethernet/dsl router on my incoming cable line. I have enabled port forwarding for telnet (port 23) on this router. I have also set up vty on the 2514. When I try to telnet to the wan interface of the Linksys forwarded to the ethernet interface on the 2514 I get the message "Could not open a connection to host: Connection failed". But if I remote access an NT server inside my home net (on internal address space), from there I can telnet (on the private address space) to the same ethernet interface and connect. Since I can remote access my NT box, port forwarding on the Linksys router is working. Also the 2514 should be set properly since I can telnet in from within my lan. I must be overlooking something but I cannot figure it out. I would appreciate any ideas or assistance. TIA Mark _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet to a Router
I have a Netgear and have to specify a default host for a given port. Do you have something similar? My default host for port 23 is my access layer 2501 and I can telnet in from outside of my LAN. Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Rose Sent: Monday, March 05, 2001 6:28 PM To: Cisco@Groupstudy. Com (E-mail) Subject: Telnet to a Router I am trying to telnet to a 2514 router from work. I have a Linksys BEFSR41 ethernet/dsl router on my incoming cable line. I have enabled port forwarding for telnet (port 23) on this router. I have also set up vty on the 2514. When I try to telnet to the wan interface of the Linksys forwarded to the ethernet interface on the 2514 I get the message "Could not open a connection to host: Connection failed". But if I remote access an NT server inside my home net (on internal address space), from there I can telnet (on the private address space) to the same ethernet interface and connect. Since I can remote access my NT box, port forwarding on the Linksys router is working. Also the 2514 should be set properly since I can telnet in from within my lan. I must be overlooking something but I cannot figure it out. I would appreciate any ideas or assistance. TIA Mark _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet to a Router
h, I have 2 BEFSR41s (one for adsl and one for cable) and all port forwarding works ok also. You say that you can remotely access an NT server. I take it that is by Telnet? So, then you also try to telnet the router? I'm wondering if you're allowed to have a single port (port 23) forwarded to different inside addresses. which is what it sounds like you're trying to do. Define only one end address for port 23 (the router) and try that. For all my port forwarding I have only one destination for each defined port/range. Kevin Wigle - Original Message - From: "Mark Rose" [EMAIL PROTECTED] To: "Cisco@Groupstudy. Com (E-mail)" [EMAIL PROTECTED] Sent: Monday, 05 March, 2001 12:28 Subject: Telnet to a Router I am trying to telnet to a 2514 router from work. I have a Linksys BEFSR41 ethernet/dsl router on my incoming cable line. I have enabled port forwarding for telnet (port 23) on this router. I have also set up vty on the 2514. When I try to telnet to the wan interface of the Linksys forwarded to the ethernet interface on the 2514 I get the message "Could not open a connection to host: Connection failed". But if I remote access an NT server inside my home net (on internal address space), from there I can telnet (on the private address space) to the same ethernet interface and connect. Since I can remote access my NT box, port forwarding on the Linksys router is working. Also the 2514 should be set properly since I can telnet in from within my lan. I must be overlooking something but I cannot figure it out. I would appreciate any ideas or assistance. TIA Mark _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]