Cannot telnet to router - router not generating syn-ack

Unanswered Question
Jul 23rd, 2009

Hi,

Telnetting to router behind Checkpoint Firewall from our Management Server. I can ping the management IP address 192.168.247.101 from the Management server, and I can also do an SNMP walk successfully. However, when I try telnet I do not get a reply. I can see the initial request hitting the router, but the router does not generate a SYN-ACK back to the Management server.

The management server is 19.46.240.66 and the router's source IP is 192.168.247.101. I do have another router that sits on the same LAN and I can telnet between them, so there is not a problem with the local telnet process.

What else could be wrong here?

Regards

Mary

maryodriscoll Thu, 07/23/2009 - 06:59

TestRtr#debug ip packet 161 detail

IP packet debugging is on (detailed) for access list 161

TestRtr#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Telnet port - syn, rtr not sending syn ack back>>>>

*Jul 23 13:56:30.584: IP: tableid=0, s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101 (Loopback0), routed via RIB

*Jul 23 13:56:30.584: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 48, rcvd 4

*Jul 23 13:56:30.588: TCP src=40880, dst=23, seq=1187563472, ack=0, win=24820 SYN

*Jul 23 13:56:33.944: IP: tableid=0, s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101 (Loopback0), routed via RIB

*Jul 23 13:56:33.944: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 48, rcvd 4

*Jul 23 13:56:33.944: TCP src=40880, dst=23, seq=1187563472, ack=0, win=24820 SYN

*Jul 23 13:56:40.696: IP: tableid=0, s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101 (Loopback0), routed via RIB

*Jul 23 13:56:40.696: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 48, rcvd 4

*Jul 23 13:56:40.696: TCP src=40880, dst=23, seq=1187563472, ack=0, win=24820 SYN

TestRtr#

TestRtr#

TestRtr#sh access-list 161

Extended IP access list 161

10 permit tcp host 19.46.240.66 host 192.168.247.101 eq telnet (14 matches)

20 permit udp host 19.46.240.66 host 192.168.247.101 eq snmp (216 matches)

30 permit udp host 192.168.247.101 eq snmp host 19.46.240.66 (216 matches)

40 permit tcp host 192.168.247.101 eq telnet host 19.46.240.66

TestRtr#

*************************************************************************************************************

TestRtr#sh access-list 161

Extended IP access list 161

10 permit tcp host 19.46.240.66 host 192.168.247.101 eq telnet (14 matches)

20 permit udp host 19.46.240.66 host 192.168.247.101 eq snmp (376 matches)

30 permit udp host 192.168.247.101 eq snmp host 19.46.240.66 (376 matches)

40 permit tcp host 192.168.247.101 eq telnet host 19.46.240.66

TestRtr#

TestRtr# <<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>

*Jul 23 14:02:35.220: %CLEAR-5-COUNTERS: Clear counter on all interfaces by vty0 (192.168.134.5)

*Jul 23 14:02:43.552: IP: tableid=0, s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101 (Loopback0), routed via RIB

*Jul 23 14:02:43.552: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 64, rcvd 4

*Jul 23 14:02:43.552: UDP src=37664, dst=161

*Jul 23 14:02:43.552: IP: tableid=0, s=192.168.247.101 (local), d=19.46.240.66 (FastEthernet0/0), routed via FIB

*Jul 23 14:02:43.552: IP: s=192.168.247.101 (local), d=19.46.240.66 (FastEthernet0/0), len 332, sending

*Jul 23 14:02:43.552: UDP src=161, dst=37664

*Jul 23 14:02:43.632: IP: tableid=0, s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101 (Loopback0), routed via RIB

*Jul 23 14:02:43.632: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 71, rcvd 4

*Jul 23 14:02:43.632: UDP src=37664, dst=161

*Jul 23 14:02:43.632: IP: tableid=0, s=192.168.247.101 (local), d=19.46.240.66 (FastEthernet0/0), routed via FIB

*Jul 23 14:02:43.632: IP: s=192.168.247.101 (local), d=19.46.240.66 (FastEthernet0/0), len 80, sending

*Jul 23 14:02:43.632: UDP src=161, dst=37664
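
As an added example (not part of the original thread or any poster's code): a Python sketch that parses `debug ip packet ... detail` output like the above and lists inbound TCP SYNs for which the router logged no outbound packet on the same flow. The function names are hypothetical and the sample lines are excerpted from the post above; since access list 161 also permits the return direction (entry 40, which shows no matches), a reply would have been logged had one been generated.

```python
import re

# Excerpt of the debug output quoted in the post above (three telnet SYNs,
# then one SNMP request/response pair for contrast).
SAMPLE = """\
*Jul 23 13:56:30.584: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 48, rcvd 4
*Jul 23 13:56:30.588: TCP src=40880, dst=23, seq=1187563472, ack=0, win=24820 SYN
*Jul 23 13:56:33.944: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 48, rcvd 4
*Jul 23 13:56:33.944: TCP src=40880, dst=23, seq=1187563472, ack=0, win=24820 SYN
*Jul 23 13:56:40.696: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 48, rcvd 4
*Jul 23 13:56:40.696: TCP src=40880, dst=23, seq=1187563472, ack=0, win=24820 SYN
*Jul 23 14:02:43.552: IP: s=19.46.240.66 (FastEthernet0/0), d=192.168.247.101, len 64, rcvd 4
*Jul 23 14:02:43.552: UDP src=37664, dst=161
*Jul 23 14:02:43.552: IP: s=192.168.247.101 (local), d=19.46.240.66 (FastEthernet0/0), len 332, sending
*Jul 23 14:02:43.552: UDP src=161, dst=37664
"""

# "IP: s=... d=..., len N, rcvd|sending" lines; the "tableid=" routing lines are skipped.
IP_RE = re.compile(r"IP: s=(\S+) \([^)]*\), d=(\S+?)(?: \([^)]*\))?, len \d+, (rcvd|sending)")
# The layer-4 detail line that follows each IP line; TCP lines carry seq/ack/win/flags.
L4_RE = re.compile(r":\s+(TCP|UDP) src=(\d+), dst=(\d+)(?:, seq=\d+, ack=\d+, win=\d+ (.+))?")

def parse(text):
    """Yield (direction, proto, src, sport, dst, dport, flags) for each logged packet."""
    ip = None
    for line in text.splitlines():
        m = IP_RE.search(line)
        if m:
            ip = m.groups()          # remember the IP header until its L4 line arrives
            continue
        m = L4_RE.search(line)
        if m and ip:
            proto, sport, dport, flags = m.groups()
            src, dst, direction = ip
            yield direction, proto, src, int(sport), dst, int(dport), (flags or "").split()
            ip = None

def unanswered_syns(text):
    """Return {(client, cport, server, sport): SYN count} for flows with no reply logged."""
    syns, replied = {}, set()
    for direction, proto, src, sport, dst, dport, flags in parse(text):
        if proto != "TCP":
            continue
        if direction == "rcvd" and flags == ["SYN"]:
            key = (src, sport, dst, dport)
            syns[key] = syns.get(key, 0) + 1      # repeats are client retransmissions
        elif direction == "sending":
            replied.add((dst, dport, src, sport)) # any outbound segment on the reverse flow
    return {k: n for k, n in syns.items() if k not in replied}

if __name__ == "__main__":
    print(unanswered_syns(SAMPLE))
```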

maryodriscoll Thu, 07/23/2009 - 08:16

No, no ACL whatsoever...

line vty 0 4
 exec-timeout 15 0
 timeout login response 15
 password 7 06015C351C480F1B0C
 absolute-timeout 300
 no login
 transport input all
line vty 5 15
 exec-timeout 15 0
 timeout login response 15
 password 7 06015C351C480F1B0C
 absolute-timeout 300
 no login
 transport input all

yagnesh_tel Fri, 07/24/2009 - 09:50

The only thing I can think of for this behaviour is unavailability of a vty line.

Could you check this using the 'sh users' command?

maryodriscoll Sat, 07/25/2009 - 01:21

Hi

See below. Don't think it's that though, as I can telnet over the LAN from another router. It's just from 19.46.240.66 that the requests get rejected - no ACLs or anything. Router not generating response to SYN from the Management server?

Any other ideas before I open up a TAC call?

Test_Router#sh users

    Line       User       Host(s)              Idle       Location
*322 vty 0                idle                 00:00:00   192.168.134.5

  Interface    User               Mode         Idle     Peer Address
