Hi there,

1. Is anyone out there able to help with allowing telnet to vty 0 4?
I am using ssh and would like to use port redirection on the router to do so. Any ideas regarding the access lists?

2. I also want to set up VPN access for client workstations. I have access-lists that I need to tweak.

I am happy to email this to someone. Here are the access-lists etc.:
! Domain name plus the DHCP server that serves the inside LAN (192.168.1.0/24).
ip domain-name local
! Keeps .1 through .99 out of the dynamic pool, so leases come from .100 upward.
ip dhcp excluded-address 192.168.1.1 192.168.1.99
! NOTE(review): 192.168.1.1 is already inside the range excluded on the previous line;
! this second exclusion is redundant.
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool dhcppool
 ! NOTE(review): 'import all' brings DHCP options learned elsewhere into this pool -
 ! presumably the DNS servers obtained through 'ppp ipcp dns request' on Dialer0.
 ! Confirm that LAN clients should use whatever resolvers the provider hands out.
 import all
 network 192.168.1.0 255.255.255.0
 ! Clients use the router's Ethernet0 address as their gateway.
 default-router 192.168.1.1
 ! Intended to tie ARP table entries to the DHCP bindings handed out by this pool.
 update arp

.....

! The BOOTP service on the router itself is switched off.
no ip bootp server
! Inspection rule "firewall". It is applied outbound on Dialer0 ('ip inspect firewall out'),
! so sessions opened from the inside get temporary return openings through the inbound
! ACL 101 instead of needing permanent permit entries there.
! NOTE(review): each application entry below enables a protocol-specific inspector on top of
! the generic tcp/udp entries. Keep only the protocols the LAN actually uses; entries such as
! rcmd, cuseeme, streamworks and vdolive look like template leftovers - confirm before removing.
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
! NOTE(review): realaudio is already listed above; this repeat adds nothing.
ip inspect name firewall realaudio
ip inspect name firewall sip
ip inspect name firewall esmtp
ip inspect name firewall fragment
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny

.......

! Inside (LAN) interface; 192.168.1.1 is also the default gateway given out by the DHCP pool.
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ! Traffic arriving from the LAN is filtered by ACL 102.
 ip access-group 102 in
 ! Marks this side as the private side for the NAT overload rule (list 105).
 ip nat inside
 ! Packets addressed to the subnet broadcast from elsewhere are not forwarded onto the LAN.
 no ip directed-broadcast
 exit
!
! Physical DSL interface; the line operating mode is auto-detected.
interface ATM0
 dsl operating-mode auto
 exit
!
! PVC 0/100 carries PPP (aal5mux) and is tied to dialer pool 1, which Dialer0 uses.
! No IP address or ACL is set here; the IP-level settings are on Dialer0.
interface ATM0.1 point-to-point
 pvc 0/100
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 exit
!
! Outside (Internet-facing) PPP interface; its address is negotiated with the provider,
! which is why the ACLs below cannot name the router's public address.
interface Dialer0
 bandwidth 640
 ip address negotiated
 ! Inspect sessions leaving toward the Internet so their replies are let back in past ACL 101.
 ip inspect firewall out
 ! Applies an audit rule named "intrusion" to inbound packets. The rule's definition is not
 ! part of this excerpt - presumably it references access-list 3; confirm.
 ip audit intrusion in
 ! Everything arriving from the Internet is filtered by ACL 101.
 ip access-group 101 in
 ! Suppress ICMP redirects and unreachables so the router reveals less to probes.
 ! NOTE(review): 'no ip unreachables' also stops the router from sending the ICMP messages
 ! that path-MTU discovery relies on; keep that in mind if VPN traffic stalls on large packets.
 no ip redirects
 no ip unreachables
 ! Marks this side as the public side for the NAT overload rule (list 105).
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ! NOTE(review): the PPP password appears in cleartext, both in the config and in this post.
 ! If it is the real value, treat it as exposed and change it; redact credentials before
 ! sharing a configuration. PAP also sends the password unencrypted on the PPP link.
 ppp pap sent-username user@domain.com password P@ssword
 ppp ipcp dns request
 ! Attaches the VPN crypto map; its definition is not shown in this excerpt.
 crypto map cm-cryptomap
 ! No CDP advertisements are sent toward the provider.
 no cdp enable
 exit
!
! Address pool handed to VPN clients; ACLs 3, 101, 102 and 105 all refer to this 192.168.2.0/24 range.
ip local pool vpnclients 192.168.2.1 192.168.2.254
! LAN traffic selected by ACL 105 is translated to the Dialer0 address (port overload).
! ACL 105 denies LAN-to-VPN-pool traffic first, so that traffic is not translated.
ip nat inside source list 105 interface Dialer0 overload
ip classless
! Default route out of the PPP interface.
ip route 0.0.0.0 0.0.0.0 Dialer0
! The router's HTTP management server is disabled.
no ip http server
!
!
! Remote management lines 0-4.
! NOTE(review): no login/authentication method is visible in this excerpt - confirm one is set.
line vty 0 4
 ! NOTE(review): ACL 2 is 'permit any', so this access-class does not restrict who may connect.
 ! Limit it to the sources that really need management access (for example the LAN and VPN pool).
 access-class 2 in
 ! NOTE(review): telnet carries logins and the whole session in cleartext. With SSH already in
 ! use, accepting SSH only on these lines is the safer setting.
 transport input telnet ssh
 ! No outbound sessions can be started from these lines.
 transport output none
 exit
!
! NOTE(review): access-list 1 is not referenced anywhere in the visible excerpt.
access-list 1 remark The local LAN.
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Used as the access-class on line vty 0 4 and as the host list for the port-map below.
! NOTE(review): 'permit any' means management is open to every source address that gets past
! the interface ACLs; this list does not match its own remark until it names specific sources.
access-list 2 remark Where management can be done from.
access-list 2 permit any
! NOTE(review): a port-map entry tells the inspection engine which application to expect on
! TCP 2323 for hosts in list 2. It does not by itself appear to make the vty lines answer on
! that port - confirm how 2323 is meant to reach the router before relying on it.
ip port-map telnets port 2323 list 2
!
! Denies the VPN client pool and permits everything else. Not referenced in the visible
! excerpt; presumably attached to the "intrusion" audit rule so VPN clients are exempt - confirm.
access-list 3 remark Traffic not to check for intrustion detection.
access-list 3 deny 192.168.2.0 0.0.0.255
access-list 3 permit any
!
! Inbound filter on Dialer0 ('ip access-group 101 in'). Entries are evaluated top-down and the
! first match wins, so the order below matters.
access-list 101 remark Traffic allowed to enter the router from the Internet
! VPN client pool to the LAN - presumably for traffic that arrived through the tunnel.
! NOTE(review): this permit sits above the 192.168.0.0/16 anti-spoofing deny further down, so
! that deny never applies to 192.168.2.0/24 sources. Confirm the crypto configuration discards
! packets claiming these addresses that did not arrive encrypted.
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
! Anti-spoofing: drop sources that should never arrive from the Internet
! (0/8, RFC 1918 private ranges, loopback, link-local, TEST-NET, benchmarking, multicast).
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
! IPsec VPN: NAT-T (UDP 4500), ISAKMP and ESP.
access-list 101 permit udp any any eq 4500
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
! PPTP control channel (TCP 1723) and GRE.
! NOTE(review): if only IPsec clients are planned, these two entries can go - confirm.
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
! NOTE(review): opens TCP 2323 from any Internet source to any destination. If this is the
! management port, restrict the source to known addresses or reach management over the VPN.
access-list 101 permit tcp any any eq 2323
! Echo requests are dropped without 'log', presumably so pings do not fill the log.
access-list 101 deny icmp any any echo
! Everything else is dropped and logged.
access-list 101 deny ip any any log
!
! Inbound filter on Ethernet0 ('ip access-group 102 in'). Entries are evaluated top-down and
! the first match wins.
access-list 102 remark Traffic allowed to enter the router from the Ethernet
! Anything addressed to the router's LAN address is allowed, whatever the source address.
access-list 102 permit ip any host 192.168.1.1
! Drop packets sent to the LAN's subnet broadcast address.
access-list 102 deny ip any host 192.168.1.255
access-list 102 deny udp any any eq tftp log
! LAN to VPN client pool. This must stay above the 192.168.0.0/16 destination deny below,
! which would otherwise block it.
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
! Drop and log LAN traffic headed for destinations that are not routable on the Internet
! (0/8, RFC 1918 private ranges, loopback, link-local, TEST-NET, benchmarking).
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
! Keep Windows RPC / NetBIOS / SMB traffic from leaving the LAN.
! NOTE(review): TCP 139 is not in this list - confirm whether that is intentional.
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq 137 log
access-list 102 deny udp any any eq 138 log
access-list 102 deny tcp any any eq 445 log
! Only packets with a LAN source address may go out, which also blocks spoofed sources.
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
! Limited broadcasts from any source - presumably for DHCP requests from clients that do
! not have an address yet; confirm.
access-list 102 permit ip any host 255.255.255.255
! Everything else is dropped and logged.
access-list 102 deny ip any any log
!
! Selects what 'ip nat inside source list 105' translates: LAN traffic to the VPN client pool
! is excluded first so it keeps its private addresses; all other LAN traffic is translated.
access-list 105 remark Traffic to NAT
access-list 105 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
!
! Not referenced in the visible excerpt; presumably used by the VPN client configuration
! (not shown) to describe the traffic the tunnel protects - confirm.
access-list 106 remark User to Site VPN Clients
access-list 106 permit ip 192.168.1.0 0.0.0.255 any
!
! Any IP packet counts as interesting traffic for dialer-group 1, the group set on Dialer0.
dialer-list 1 protocol ip permit

........etc