Re: [Fwd: How to change the default telnet port in CISCO IOS?]

From: Mathew Fernando (mathew@oztralia.com)
Date: Wed Apr 21 2004 - 10:49:11 GMT-3

• Next message: Tim Last: "3550 Layer 3 access-lists applied to layer 2 ports"
• Previous message: Wright, Jeremy: "RE: TED Help"
• Maybe in reply to: Mathew Fernando: "[Fwd: How to change the default telnet port in CISCO IOS?]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Peter,

Thank you for the below.

First I got the telnet access via the port 80 with PAT (as suggested
below) and then configuired the router for SSH server. Now I can do SSH
access from office via port 80 to my lab router at home.

I used the Putty SSH client with the port 80 to do the SSH from office.

If any body intrested for the router config, here it is:

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname R9
!
aaa new-model
aaa authentication login NO-AAA none
!
username admin privilege 15 password 123
ip subnet-zero
no ip source-route
!
no ip domain-lookup
ip domain-name cisco.net
!
ip host r8 2040 1.1.1.1
ip host r7 2039 1.1.1.1
ip host r6 2038 1.1.1.1
ip host r5 2037 1.1.1.1
ip host r4 2036 1.1.1.1
ip host r3 2035 1.1.1.1
ip host r2 2034 1.1.1.1
ip host r1 2033 1.1.1.1
!
no ip bootp server
!
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!
interface Loopback100
 description -- For reverse telnet & NAT
 ip address 1.1.1.1 255.255.255.255
 ip nat inside
!
interface Ethernet0/0
 ip address 10.10.10.2 255.255.255.0
 ip nat outside
!
interface Serial0/0
 no ip address
!
interface Serial0/1
 no ip address
!
interface Serial0/2
 no ip address
!
interface Serial0/3
 no ip address
 no ip mroute-cache
!
ip nat inside source static tcp 1.1.1.1 22 10.10.10.2 80 extendable
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.254 <-- ADSL router local IP
!
ip http server
!
line con 0
 exec-timeout 0 0
line 33 40
 login authentication NO-AAA
 no exec
 transport input telnet
!
line aux 0
 exec-timeout 0 0
 password cisco
!
line vty 0 4
 exec-timeout 0 0
 password cisco
 transport input telnet ssh
!
end

Mathew

Peter Kowalsky wrote:

> Use NAT/PAT! Surely you have a firewall between your home lab and
> your Internet connection? If not, then create a loopback and make it
> the "ip nat inside", and create a static NAT entry on the router that
> maps it to port 80 or whatever you can get "out" of your company's
> firewall on... Use an access-class on the vty lines to limit
> connections to that port only.
>
> Check the Groupstudy archives -- this has been discussed in the past,
> and I've done the same thing to my lab in the past. Also, consider
> using SSH instead of telnet -- unless you control the firewall (and it
> doesn't sound like you do), then maybe you don't want everyone seeing
> what you're doing all afternoon connected to that outside address... ;-)
>
> Later,
> Pete
>
>
>> From: "Yasser Abdullah " <yasser@alharbitelecom.com>
>> Reply-To: "Yasser Abdullah " <yasser@alharbitelecom.com>
>> To: "'Mathew Fernando'" <mathew@oztralia.com>, <ccielab@groupstudy.com>
>> Subject: RE: [Fwd: How to change the default telnet port in CISCO IOS?]
>> Date: Mon, 19 Apr 2004 17:51:23 +0300
>>
>> Use the rotary command under the vty line.
>>
>> R3(config-line)#rotary x
>>
>> The telnet to the router port 300x
>>
>> Where x is between 1 & 99
>>
>> Brgds,
>>
>> Yasser
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Mathew Fernando
>> Sent: Monday, April 19, 2004 1:15 PM
>> To: ccielab@groupstudy.com
>> Subject: [Fwd: How to change the default telnet port in CISCO IOS?]
>>
>> Hi,
>>
>> Is there a command in IOS to change the default telnet port 23 to any
>> other port number?
>> If possible, does it allow to us the port 80?
>>
>> The reason is that I need to access my home LAB from office but the
>> firewall in office does not allow access to outside port 23.
>>
>> Mathew
>>
>> _______________________________________________________________________
>> Please help support GroupStudy by purchasing your study materials from:
>> http://shop.groupstudy.com
>>
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Please help support GroupStudy by purchasing your study materials from:
>> http://shop.groupstudy.com
>>
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> _________________________________________________________________
>
>> From must-see cities to the best beaches, plan a getaway with the Spring
>
> Travel Guide! http://special.msn.com/local/springtravel.armx

• Next message: Tim Last: "3550 Layer 3 access-lists applied to layer 2 ports"
• Previous message: Wright, Jeremy: "RE: TED Help"
• Maybe in reply to: Mathew Fernando: "[Fwd: How to change the default telnet port in CISCO IOS?]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:51 GMT-3