03-31-2009 08:46 PM - edited 03-04-2019 04:10 AM
Hello
I have a router (called router1) which can ping public routerA. However when I telnet to public routerA from my router it just says
router1#telnet routerA
Trying routerA ...
% Connection timed out; remote host not responding
However, when I debug the TCP packets from router1 to routerA I get the following:
the command I used:
router1#debug ip tcp packet address routerA
The output I received:
router1#sh log
Log Buffer (4096 bytes):
*Apr 1 03:38:31.679: tcp515: O CLOSED routerA:23 router1:12291 seq 3459893986
OPTS 4 SYN WIN 4128
*Apr 1 03:38:33.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986
OPTS 4 SYN WIN 4128
*Apr 1 03:38:37.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986
OPTS 4 SYN WIN 4128
*Apr 1 03:38:45.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986
OPTS 4 SYN WIN 4128
*Apr 1 03:41:41.655: TCP: sent RST to 118.168.108.171:2151 from 202.55.106.11:25
*Apr 1 03:41:48.431: TCP: sent RST to 118.168.108.171:2151 from 202.55.106.11:25
router1#
From the above, the first line says CLOSED. Does this mean the telnet session is closed as soon as I try to connect? If so, is it possible to find out from a debug why this is?
When I try to ping routerA it works fine:
router1#ping routerA
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to routerA, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
Any ideas?
Thanks
willemvw
03-31-2009 10:32 PM
Hi Willemvw
Maybe at that time all vty lines were full, or check whether you have configured telnet?
regards
shivlu jain
04-01-2009 11:30 AM
Hi Shivlu
Is there a way to check this? I know no one can currently telnet to the device.
04-01-2009 05:47 AM
Willem:
There are security measures meant to control who can telnet to a device.
One of them is an ACL that is applied to the vty interfaces:
access-list 25 permit 192.168.2.0 0.0.0.255
line vty 0 4
access-class 25 in
That can also be happening if the device does not support telnet access, but only, say, SSH.
line vty 5 15
transport input ssh
HTH
Victor
04-01-2009 11:32 AM
Hi Victor
The ACLs were the first things I checked. What I have configured on the vty lines is as follows:
line vty 0 4
exec-timeout 30 0
login authentication local
transport input telnet
line vty 5 15
privilege level 15
transport input telnet
!
regards
willemvw
04-01-2009 11:47 AM
willemvw,
Don't tell me that you're using PAT at RouterA and using "permit ip any or permit ip any any" for PAT.
Please provide us with the configuration on RouterA.
Toshi
04-01-2009 02:45 PM
Hi Toshi
As far as I am aware there is no PAT. Although I had our upstream provider connecting to their router (RouterB) which is directly connected to RouterA. The upstream can ping RouterA from routerB but as soon as he tried to telnet to routerA it times out. This indicates the config is an issue and not so much the routing.
I am trying to get the config for routerA to you as I can do with assistance. Once I have it I will post it here.
Thanks
willemvw
04-16-2009 06:11 PM
Hi Everyone
We have found the problem to be a firewall issue. Somehow the FW was giving us some routing problems. This has been fixed and we can telnet to the router from remote ends.
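
An added example, not part of any post in this thread: a Python parser for `debug ip tcp packet` output like that in the first post, reporting whether the SYN to routerA:23 was ever answered. It assumes the direction letters mean I = input, O = output, R = retransmission and that inbound lines share the layout of the outbound ones; the sample log is constructed.

```python
import re
from datetime import datetime

# Constructed sample, laid out like the debug output quoted in the thread.
SAMPLE = """\
*Apr 1 03:38:31.679: tcp515: O CLOSED routerA:23 router1:12291 seq 3459893986
        OPTS 4 SYN WIN 4128
*Apr 1 03:38:33.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986
        OPTS 4 SYN WIN 4128
*Apr 1 03:38:37.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986
        OPTS 4 SYN WIN 4128
*Apr 1 03:38:45.679: tcp515: R SYNSENT routerA:23 router1:12291 seq 3459893986
        OPTS 4 SYN WIN 4128
*Apr 1 03:41:41.655: TCP: sent RST to 192.0.2.10:2151 from 198.51.100.5:25
"""

# Assumption: direction letter I = input, O = output, R = retransmission.
HEAD = re.compile(r"^\*\w+ +\d+ (\d\d:\d\d:\d\d\.\d+): tcp\d+: ([IOR]) (\S+) "
                  r"(\S+:\d+) (\S+:\d+) seq (\d+)(.*)$")

def parse(text):
    """One dict per packet; wrapped flag lines are folded into the record."""
    pkts = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            t, d, state, remote, _local, seq, rest = m.groups()
            pkts.append({"t": datetime.strptime(t, "%H:%M:%S.%f"), "dir": d, "state": state,
                         "remote": remote, "seq": int(seq), "flags": rest.split()})
        elif pkts and line.strip() and not line.startswith("*"):
            pkts[-1]["flags"] += line.split()
    return pkts

def diagnose(pkts, remote):
    """Classify the outbound attempt to `remote`, e.g. 'routerA:23'."""
    conn = [p for p in pkts if p["remote"] == remote]
    syns = [p for p in conn if p["dir"] in "OR" and "SYN" in p["flags"]]
    replies = [p for p in conn if p["dir"] == "I"]
    gaps = [(b["t"] - a["t"]).total_seconds() for a, b in zip(syns, syns[1:])]
    if not syns:
        verdict = "no attempt seen"
    elif any("RST" in p["flags"] for p in replies):
        verdict = "refused"   # a reset came back
    elif replies:
        verdict = "answered"
    else:
        verdict = "no reply"  # same SYN resent, nothing came back
    return {"verdict": verdict, "syn_count": len(syns), "gaps": gaps,
            "same_seq": len({p["seq"] for p in syns}) <= 1}
```

On the sample, `diagnose(parse(SAMPLE), "routerA:23")` reports four SYNs with one sequence number, gaps of 2, 4 and 8 seconds, and no inbound segment. That pattern is consistent with the SYN being dropped silently somewhere on the path rather than the vty refusing the session.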