«

»

Mar 13

Telnet to Router Interface from outside

 

This post answers the typical question of how to Telnet to Router Interface from outside. Also it details the configuration steps which enables telnet access to router’s outside interface.

I have setup a small lab on GNS3 to give an exact idea of how an internet facing router is typically

configured and how you can modify it to enable access from outside which can be required for remote

support etc.

Typical NAT

NAT Source Mapped IP NAT Destination
Any Interface IP 192.168.0.1 Any

Configuration

Int lo0
Ip address 10.10.10.1 255.255.255.0
nat inside

Int s1/0
Ip address 192.168.0.1 255.255.255.0
nat outside

ip nat inside source list inside-nat interface Serial1/0 overload
ip access-list extended inside-nat
permit ip any any

The above configuration is a typical configuration which will NAT anything passing through the router to

outside interface. NAT Interface Overload is used, which uses Interface IP address to hide inside networks

behind it.
Now, if you want to connect to outside interface, it wouldn’t work because the router is configured to NAT

anything leaving outside interface.

We can change the NAT as following to catch only the networks that need NAT.

Specific  Source NAT

NAT Source Mapped IP NAT Destination
10.10.10.0/24 Int IP – 192.168.0.1 Any

We will do this by changing the ACL which catches traffic to be NATed.

ip access-list extended inside-nat
no  permit ip any any
permit ip 10.10.10.0 0.0.0.255 any

However, for security reasons you can attach an ACL to outside interface, permitting only specific IP addresses allowed to Telnet to router.

You can download the router configs and GNS3 Lab Topology for yourself to play with from following link

http://www.mediafire.com/download.php?mq5s4v7rl0jz0m8

Telnet To Router Outside Interface.jpeg

Leave a Reply

%d bloggers like this: