Connection problem to router

Unanswered Question
Mar 31st, 2009

Hello

I have a router (called router1) which can ping public routerA. However when I telnet to public routerA from my router it just says

router1#telnet routerA

Trying routerA ...

% Connection timed out; remote host not responding

However, when I debug the TCP packets from router1 to routerA I get the following:

the command I used:

router1#debug ip tcp packet address routerA

The output I received:

router1#sh log

Log Buffer (4096 bytes):

*Apr 1 03:38:31.679: tcp515: O CLOSED routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:38:33.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:38:37.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:38:45.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986

OPTS 4 SYN WIN 4128

*Apr 1 03:41:41.655: TCP: sent RST to 118.168.108.171:2151 from 202.55.106.11:25

*Apr 1 03:41:48.431: TCP: sent RST to 118.168.108.171:2151 from 202.55.106.11:25

router1#

From the above, the first line says CLOSED. Does this mean the telnet session is closed as soon as I try to connect? If so, is it possible to find out from a debug why this is?

When I try to ping routerA it works fine:

router1#ping routerA

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to routerA, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

Any ideas?

Thanks

willemvw

shivlu jain Tue, 03/31/2009 - 22:32

Hi Willemvw

Maybe at that time all vty lines were full, or check: have you configured telnet?

regards

shivlu jain

willemvwyk Wed, 04/01/2009 - 11:30

Hi Shivlu

Is there a way to check this? I know no one can currently telnet to the device.

lamav Wed, 04/01/2009 - 05:47

Willem:

There are security measures meant to control who can telnet to a device.

One of them is an ACL that is applied to the vty interfaces:

access-list 25 permit 192.168.2.0 0.0.0.255

line vty 0 4

access-class 25 in

That can also be happening if the device does not support telnet access, but only, say, SSH.

line vty 5 15

transport input ssh

HTH

Victor

willemvwyk Wed, 04/01/2009 - 11:32

Hi Victor

The ACLs were the first things I checked. What I have configured on the vty lines is as follows:

line vty 0 4

exec-timeout 30 0

login authentication local

transport input telnet

line vty 5 15

privilege level 15

transport input telnet

!

regards

willemvw

thotsaphon Wed, 04/01/2009 - 11:47

willemvw,

Don't tell me that you're using PAT at RouterA and using "permit ip any or permit ip any any" for PAT.

Please provide us with the configuration on RouterA.

Toshi

willemvwyk Wed, 04/01/2009 - 14:45

Hi Toshi

As far as I am aware there is no PAT. Although I had our upstream provider connect to their router (RouterB), which is directly connected to RouterA. The upstream can ping RouterA from RouterB, but as soon as he tried to telnet to RouterA it times out. This indicates the config is an issue and not so much the routing.

I am trying to get the config for routerA to you as I can do with assistance. Once I have it I will post it here.

Thanks

willemvw

willemvwyk Thu, 04/16/2009 - 18:11

Hi Everyone

We have found the problem to be a firewall issue. Somehow the FW was giving us some routing problems. This has been fixed and we can telnet to the router from remote ends.
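
Added example, not part of the thread: a Python sketch that reads the `debug ip tcp packet` lines from the first post and classifies the handshake, separating a SYN that is retransmitted with no reply at all (a filter or firewall dropping traffic on the path) from one that is actively refused with a RST. It assumes the direction letters mean O = output, R = retransmission and I = input; the function names are made up for this example.

```python
import re
from datetime import datetime

# Debug lines copied from the first post; each wrapped "OPTS ..." line is rejoined.
SAMPLE = """\
*Apr 1 03:38:31.679: tcp515: O CLOSED routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
*Apr 1 03:38:33.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
*Apr 1 03:38:37.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
*Apr 1 03:38:45.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986 OPTS 4 SYN WIN 4128
"""

# Direction letters (assumption): O = output, R = retransmission, I = input.
LINE = re.compile(
    r"\*?\w+\s+\d+\s+(?P<time>\d\d:\d\d:\d\d\.\d+): tcp\d+: (?P<dir>[IOR]) "
    r"(?P<state>\w+) (?P<remote>\S+) (?P<local>\S+) seq (?P<seq>\d+)(?P<rest>.*)")

def parse(log):
    """Turn debug lines into dicts with a timestamp and the set of TCP flags."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["t"] = datetime.strptime(e["time"], "%H:%M:%S.%f")
            e["flags"] = set(re.findall(r"\b(SYN|ACK|RST|FIN)\b", e["rest"]))
            events.append(e)
    return events

def classify(events, remote):
    """Summarise the connection attempt towards remote (host:port)."""
    conn = [e for e in events if e["remote"] == remote]
    sent = [e for e in conn if e["dir"] in "OR" and e["flags"] == {"SYN"}]
    inbound = [e for e in conn if e["dir"] == "I"]
    gaps = [(b["t"] - a["t"]).total_seconds() for a, b in zip(sent, sent[1:])]
    if any("RST" in e["flags"] for e in inbound):
        verdict = "refused"      # far end (or a device in between) answered with RST
    elif any({"SYN", "ACK"} <= e["flags"] for e in inbound):
        verdict = "answered"     # handshake progressed; look higher up the stack
    elif sent:
        verdict = "no-reply"     # SYN or its reply dropped silently on the path
    else:
        verdict = "no-attempt"
    return {"verdict": verdict, "syn_sent": len(sent), "gaps_s": gaps}

if __name__ == "__main__":
    print(classify(parse(SAMPLE), "routerA:23"))
```

On the posted log this reports four SYNs with the same sequence number, gaps of 2, 4 and 8 seconds, and no inbound segment, so the state printed on the first line is where the connection stood when the first SYN left, not a close by the far end.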
