Why can't I telnet?

nygenxny123
Level 1

I am unable to telnet to our ASA.

The config is as follows:

telnet 0.0.0.0 0.0.0.0 inside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

I am logged into the switch that this is connected to.


vvarakan
Level 1

Enable packet capture on the inside interface to check the packet flow. The other option is to check connection builds and teardowns, but you need to enable "logging buffered debug".

Sadly, we are using ASDM 6.0 with the known bug and can't access it now.

Would that debug cause a huge load on my ASA?

It's at a remote site and I don't want to have it hang and get stuck.

ajagadee
Cisco Employee

Hi,

Was this working before, or is this a new setup?

Can you post the configuration from the ASA along with the source and destination IP addresses that you are telnetting from? Make sure that you can ping the ASA inside interface.

Regards,

Arul

It's an old setup that was never really utilized.

Here is the attached config. I edited some outside IPs.

My IP is 192.168.133.4 and I log into 192.168.4.2, which has a VLAN address of 172.30.0.1 configured on it.

Try adding:

management-access inside

See if that helps.

HTH,

John

HTH, John *** Please rate all useful posts ***

Hi,

OK, the configuration really helps. I don't think the below configuration is valid. You have an inside IP address of 172.30.0.2/16 and then you have configured a pool of IP addresses for the VPN Client, which is 172.30.0.x/24, which is overlapping with the inside interface. This could be the reason you are having issues accessing the inside interface.

!

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 172.30.0.2 255.255.0.0

ip local pool A-Pool 172.30.0.1-172.30.0.254 mask 255.255.255.0

Depending on your setup, you need to change the VPN Pool to a different subnet and make the necessary changes to the Split Tunnel ACL, NAT 0, etc., and then try to telnet to the inside interface and see if it works.

Regards,

Arul

*Pls rate if it helps*

Is there a way to exclude the address from the pool?

Yes. You can do something like the below configuration which excludes those addresses.

ip local pool A-Pool 172.30.0.10-172.30.0.254 mask 255.255.255.255

For testing purposes, try changing the pool to the above address range and let me know if it works. If it works, we know the pool was causing the issue; if not, we can troubleshoot this further.

Regards,

Arul

*Pls rate if it helps*

Yes, the pool change worked!!

I would think that the ASA would look for the .2 address so there wouldn't be any issues.

thx
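
The overlap diagnosed in this thread can be checked offline against a saved configuration. The Python below is an added example, not part of any post; the names `check_pools` and `interface_addresses` and the embedded config text (constructed from the lines quoted in the thread) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed input: the interface and pool lines quoted in the thread.
ORIGINAL = """\
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.30.0.2 255.255.0.0
ip local pool A-Pool 172.30.0.1-172.30.0.254 mask 255.255.255.0
"""
# Same config with the pool line from the accepted reply.
CHANGED = ORIGINAL.replace(
    "172.30.0.1-172.30.0.254 mask 255.255.255.0",
    "172.30.0.10-172.30.0.254 mask 255.255.255.255",
)

IFACE_RE = re.compile(r"^[ \t]*ip address (\S+) (\S+)", re.M)
POOL_RE = re.compile(r"^[ \t]*ip local pool (\S+) ([\d.]+)-([\d.]+)", re.M)


def interface_addresses(config):
    """Yield statically configured interface addresses; skip dhcp/pppoe forms."""
    for addr, mask in IFACE_RE.findall(config):
        try:
            yield ipaddress.ip_interface(f"{addr}/{mask}")
        except ValueError:
            continue


def check_pools(config):
    """Return (pool, finding, detail) for each pool that collides with an interface."""
    findings = []
    ifaces = list(interface_addresses(config))
    for name, first, last in POOL_RE.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for iface in ifaces:
            if lo <= iface.ip <= hi:
                findings.append((name, "contains-interface-ip", str(iface.ip)))
            elif lo in iface.network or hi in iface.network:
                findings.append((name, "inside-connected-subnet", str(iface.network)))
    return findings


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("changed", CHANGED)):
        print(label, check_pools(cfg))
```

The changed pool no longer contains 172.30.0.2 but is still reported as lying inside 172.30.0.0/16, which is the case the earlier reply addresses by recommending a different subnet for the VPN pool.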
