Cisco 1841 router not allowing access
I have a brand new Cisco 1841 with T1 WIC and the built-in security
package. I have never been able to connect to it from any port other
than the serial console port. All others give no response. I have tried
the html port, the telnet, SSH, and even ftp. I have configured them
via the console cable and can ping them all day but can’t get any other
response. What am I missing? Included below is a copy of “sh run”,
edited to replace all public IPs with 1.1.1.1 and password hashes and
RSA Keys with *.

router#sh run
Building configuration…

Current configuration : 6343 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 51200 warnings
logging console critical
enable secret 5 *
enable password 7 *
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
!
!
no ip bootp server
ip domain name fakename.com
ip name-server 1.1.1.1
ip name-server 1.1.1.1
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface FastEthernet0/0
login block-for 5 attempts 5 within 5
!
!
!
crypto pki trustpoint TP-self-signed-*
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-*
revocation-check none
rsakeypair TP-self-signed-*
!
!
crypto pki certificate chain TP-self-signed-*
certificate self-signed 01*
quit
username cisco privilege 15 secret 5 *
username administrator privilege 15 password 7 *
!
!
!
!
!
interface FastEthernet0/0
description EXTRA LAN PORT
no ip address
ip access-group 103 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description INSIDE LAN
ip address 192.168.0.200 255.255.255.0
ip access-group 103 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip rip v2-broadcast
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface Serial0/0/0
description OUTSIDE CENTURY TEL T1 INTERNET SERVICE
bandwidth 1536
ip address 1.1.1.1 255.255.255.252
ip access-group 103 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip inspect autosec_inspect out
ip nat outside
ip rip v2-broadcast
ip virtual-reassembly
encapsulation ppp
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
service-module t1 fdl both
!
router rip
version 2
passive-interface FastEthernet0/1
passive-interface Serial0/0/0
network 192.168.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool fakename 1.1.1.1 1.1.1.1 netmask 255.255.255.248
ip nat inside source list 1 pool fakename overload
ip nat inside source static tcp 192.168.0.200 23 64.238.253.242 23 extendable
!
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
deny ip any any
permit ip host 192.168.0.14 any
!
logging trap debugging
logging facility local2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit any
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit tcp any any
access-list 101 permit ip any any
access-list 103 permit tcp any any
access-list 103 permit icmp any any
access-list 103 permit ip any any
access-list 103 permit tcp any eq telnet host 192.168.0.200 eq telnet
access-list compiled
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
banner login ^CCCC
——————————————————
—————–
Welcome to the router.
Any unauthorized use of this system will be prosecuted to the full
extent of the LAW. This system is monitored and logged.
^C
!
line con 0
exec-timeout 60 0
login local
transport output telnet
line aux 0
exec-timeout 15 0
transport output telnet
line vty 0 4
access-class 23 in
exec-timeout 30 0
privilege level 15
password 7 01140E4C1218125D19
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
password 7 121E0D18011F5E3C
login
transport input ssh
!
end
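
An added example, not part of the original post: a small Python check that reads the `access-class` lines guarding HTTP and the VTY lines in a config like the one above and reports whether each directly connected subnet is matched by the referenced standard ACL. The function names and the trimmed sample config are constructed for illustration; non-contiguous wildcard masks are not handled.

```python
import ipaddress
import re

# Constructed excerpt of the posted "sh run": only the lines this check reads.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
ip address 192.168.0.200 255.255.255.0
ip http access-class 23
access-list 23 permit 10.10.10.0 0.0.0.7
line vty 0 4
access-class 23 in
"""

def parse_acls(cfg):
    """Map standard ACL number (1-99) -> ordered [(action, IPv4Network)]."""
    acls = {}
    pat = r"^access-list (\d{1,2}) (permit|deny) (\S+)(?: (\S+))?[ \t]*$"
    for num, action, addr, wild in re.findall(pat, cfg, re.M):
        if addr == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # IOS wildcard bits are an inverted netmask; no wildcard means a host.
            inv = int(ipaddress.IPv4Address(wild or "0.0.0.0")) ^ 0xFFFFFFFF
            net = ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inv)}", strict=False)
        acls.setdefault(num, []).append((action, net))
    return acls

def subnet_can_pass(entries, subnet):
    """First match wins and the list ends in an implicit deny. Simplification:
    a deny covering only part of the subnet is not treated as shadowing it."""
    for action, net in entries:
        if action == "deny" and subnet.subnet_of(net):
            return False
        if action == "permit" and net.overlaps(subnet):
            return True
    return False

def audit(cfg):
    """Return {(service, acl, connected_subnet): reachable} for HTTP and VTY."""
    acls = parse_acls(cfg)
    subnets = [ipaddress.ip_interface(f"{a}/{m}").network
               for a, m in re.findall(r"^\s*ip address (\S+) (\S+)", cfg, re.M)]
    guards = [("http", n) for n in re.findall(r"^ip http access-class (\d+)", cfg, re.M)]
    guards += [("vty", n) for n in sorted(set(re.findall(r"^\s*access-class (\d+) in", cfg, re.M)))]
    # ACL numbers that are referenced but not defined in the config are skipped.
    return {(svc, n, str(s)): subnet_can_pass(acls[n], s)
            for svc, n in guards if n in acls for s in subnets}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the sample lines, both the HTTP server and the VTY lines come back as not reachable from 192.168.0.0/24, because access-list 23 only matches 10.10.10.0 with wildcard 0.0.0.7.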