Connection problem to router

Mar 31st, 2009

Hello


I have a router (called router1) which can ping public routerA. However when I telnet to public routerA from my router it just says

router1#telnet routerA

Trying routerA ...

% Connection timed out; remote host not responding


However, when I debug the TCP packets from router1 to routerA, I get the following:


the command I used:

router1#debug ip tcp packet address routerA


The output I received:

router1#sh log


Log Buffer (4096 bytes):


*Apr 1 03:38:31.679: tcp515: O CLOSED routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:38:33.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:38:37.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:38:45.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:41:41.655: TCP: sent RST to 118.168.108.171:2151 from 202.55.106.11:25

*Apr 1 03:41:48.431: TCP: sent RST to 118.168.108.171:2151 from 202.55.106.11:25

router1#


From the above, the first line says CLOSED. Does this mean the telnet session is closed as soon as I try to connect? If so, is it possible to find out from a debug why this is?


When I try to ping routerA it works fine:


router1#ping routerA


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to routerA, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms


Any ideas?


Thanks

willemvw

shivlu jain Tue, 03/31/2009 - 22:32

Hi Willemvw


Maybe at that time all vty lines were full, or check: have you configured telnet?


regards

shivlu jain

willemvwyk Wed, 04/01/2009 - 11:30

Hi Shivlu


Is there a way to check this? I know no one can currently telnet to the device.

lamav Wed, 04/01/2009 - 05:47

Willem:


There are security measures meant to control who can telnet to a device.


One of them is an ACL that is applied to the vty interfaces:


access-list 25 permit 192.168.2.0 0.0.0.255


line vty 0 4

access-class 25 in


That can also be happening if the device does not support telnet access, but only, say, SSH.


line vty 5 15

transport input ssh


HTH


Victor

willemvwyk Wed, 04/01/2009 - 11:32

Hi Victor


The ACLs were the first things I checked. What I have configured on the vty lines is as follows:


line vty 0 4

exec-timeout 30 0

login authentication local

transport input telnet

line vty 5 15

privilege level 15

transport input telnet

!


regards

willemvw

thotsaphon Wed, 04/01/2009 - 11:47

willemvw,

Don't tell me that you're using PAT at RouterA and using "permit ip any or permit ip any any" for PAT.


Please provide us with the configuration on RouterA.


Toshi

willemvwyk Wed, 04/01/2009 - 14:45

Hi Toshi


As far as I am aware there is no PAT. Although I had our upstream provider connecting to their router (RouterB) which is directly connected to RouterA. The upstream can ping RouterA from routerB but as soon as he tried to telnet to routerA it times out. This indicates the config is an issue and not so much the routing.

I am trying to get the config for routerA to you as I can do with assistance. Once I have it I will post it here.


Thanks

willemvw

willemvwyk Thu, 04/16/2009 - 18:11

Hi Everyone


We have found the problem to be a firewall issue. Somehow the FW was giving us some routing problems. This has been fixed and we can telnet to the router from remote ends.
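
The debug output in the opening post can be read mechanically. The following is an added example, not part of the thread: it classifies one connection attempt from `debug ip tcp packet` lines, assuming the direction letters mean O = sent, R = retransmitted and I = received, and that the state shown is the connection state when the packet was handled. The function names and the joined sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: debug lines from the opening post, each joined with its
# wrapped "OPTS 4 SYN WIN 4128" continuation line.
SAMPLE = """\
*Apr 1 03:38:31.679: tcp515: O CLOSED routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
*Apr 1 03:38:33.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
*Apr 1 03:38:37.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
*Apr 1 03:38:45.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
*Apr 1 03:41:41.655: TCP: sent RST to 118.168.108.171:2151 from 202.55.106.11:25
"""

# Per-connection lines only; "TCP: sent RST ..." belongs to another flow and is skipped.
LINE = re.compile(
    r"\*(?P<ts>\w+ +\d+ [\d:.]+): tcp\d+: (?P<dir>[IOR]) (?P<state>\w+) "
    r"(?P<remote>\S+) (?P<local>\S+) seq (?P<seq>\d+)(?P<rest>.*)")

def parse(log):
    """Turn debug lines into dicts with a timestamp and the set of TCP flags."""
    events = []
    for m in map(LINE.match, log.splitlines()):
        if m:
            # The log carries no year; a fixed one is prepended because only deltas matter.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
            flags = {f for f in ("SYN", "ACK", "RST", "FIN") if f in m["rest"].split()}
            events.append({**m.groupdict(), "ts": ts, "flags": flags})
    return events

def classify(events):
    """Return (verdict, gaps in seconds between successive SYNs) for one attempt."""
    sent = [e for e in events if e["dir"] in "OR" and e["flags"] == {"SYN"}]
    inbound = [e for e in events if e["dir"] == "I"]
    gaps = [round((b["ts"] - a["ts"]).total_seconds()) for a, b in zip(sent, sent[1:])]
    if not sent:
        return "no outbound SYN seen", gaps
    if any("RST" in e["flags"] for e in inbound):
        return "refused with RST: closed port or rejecting filter", gaps
    if any({"SYN", "ACK"} <= e["flags"] for e in inbound):
        return "handshake answered", gaps
    return "SYNs unanswered: silently dropped in the path or at the host", gaps

if __name__ == "__main__":
    print(classify(parse(SAMPLE)))
```

On the posted log this reports unanswered SYNs with doubling retransmit gaps and nothing received, which, with ping succeeding, points at TCP port 23 being dropped somewhere along the path rather than at a session being closed.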
