12-09-2008 07:05 AM - edited 03-11-2019 07:23 AM
I am unable to telnet to our ASA.
The config is as follows:
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
I am logged into the switch that this is connected to.
12-09-2008 09:52 AM
Enable packet capture on the inside interface to check the packet flow. The other option is to check connection builds and teardowns, but you need to enable "logging buffered debug".
12-09-2008 10:28 AM
Sadly, we are using ASDM 6.0 with the known bug and can't access it now.
Would that debug cause a huge load on my ASA?
It's at a remote site and I don't want to have it hang and get stuck.
12-09-2008 11:12 AM
Hi,
Was this working before, or is this a new setup?
Can you post the configuration from the ASA along with the source and destination IP Address that you are telnetting from. Make sure that you can ping the ASA inside interface.
Regards,
Arul
12-09-2008 01:12 PM
12-09-2008 01:49 PM
Try adding:
management-access inside
See if that helps.
HTH,
John
12-09-2008 02:06 PM
Hi,
OK, the configuration really helps. I don't think the below configuration is valid. You have an inside IP address of 172.30.0.2/16, and you have configured a pool of IP addresses for the VPN Client, 172.30.0.x/24, which overlaps with the inside interface. This could be why you are having issues accessing the inside interface.
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.30.0.2 255.255.0.0
ip local pool A-Pool 172.30.0.1-172.30.0.254 mask 255.255.255.0
Depending on your setup, you need to change the VPN pool to a different subnet, make the necessary changes to the Split Tunnel ACL, NAT 0, etc., and then try to telnet to the inside interface and see if it works.
Regards,
Arul
*Pls rate if it helps*
12-09-2008 07:00 PM
Is there a way to exclude the address from the pool?
12-09-2008 07:48 PM
Yes. You can do something like the below configuration which excludes those addresses.
ip local pool A-Pool 172.30.0.10-172.30.0.254 mask 255.255.255.255
For testing purposes, try changing the pool to the above address range and let me know if it works. If it works, we know the pool was causing the issue; if not, we can troubleshoot this further.
Regards,
Arul
*Pls rate if it helps*
12-10-2008 01:01 PM
Yes, the pool change worked!!
I would think that the ASA would look for the .2 address so there wouldn't be any issues.
thx
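An added example, not part of any reply in this thread: a Python check that parses the `interface` and `ip local pool` lines quoted above and reports whether a pool range contains an interface address or only overlaps an interface subnet. The function names and finding labels are hypothetical, and the sample configurations are constructed from the lines posted in the thread.

```python
import ipaddress

# Constructed sample: the interface and pool lines quoted in the thread.
IFACE = """interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.30.0.2 255.255.0.0
"""
ORIGINAL = IFACE + "ip local pool A-Pool 172.30.0.1-172.30.0.254 mask 255.255.255.0\n"
ADJUSTED = IFACE + "ip local pool A-Pool 172.30.0.10-172.30.0.254 mask 255.255.255.255\n"

def parse(config):
    """Return ({nameif: ip_interface}, {pool name: (first, last)})."""
    ifaces, pools, name = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["interface"] and len(tok) > 1:
            name = tok[1]              # hardware name until a nameif is seen
        elif tok[:1] == ["nameif"] and len(tok) > 1:
            name = tok[1]
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            ifaces[name] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[:3] == ["ip", "local", "pool"] and len(tok) >= 5:
            first, _, last = tok[4].partition("-")
            pools[tok[3]] = (ipaddress.ip_address(first),
                             ipaddress.ip_address(last or first))
    return ifaces, pools

def check_pools(config):
    """List (pool, interface, finding) for every pool/interface conflict."""
    ifaces, pools = parse(config)
    findings = []
    for pool, (first, last) in pools.items():
        for nameif, iface in ifaces.items():
            net = iface.network
            if first <= iface.ip <= last:
                # The pool would hand out the firewall's own interface address.
                findings.append((pool, nameif, "contains-interface-address"))
            elif first <= net.broadcast_address and last >= net.network_address:
                # Range avoids the interface address but shares its subnet.
                findings.append((pool, nameif, "overlaps-interface-subnet"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("adjusted", ADJUSTED)):
        print(label, check_pools(cfg))
```

The adjusted range from the thread no longer contains 172.30.0.2 but still lies inside the inside interface's /16, which is the overlap the earlier reply suggested removing by moving the pool to a different subnet.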