Cannot pass telnet traffic to solaris server through FWSM

Aug 2nd, 2009

Hello experts,


I'm trying to allow telnet traffic from one VLAN to another through the FWSM, and when I try to telnet from my Windows machine to any Solaris server on the other side, I get a black screen (meaning the port is open); however, I do not get the prompt for username and password. If the same is done from any machine on the Solaris side, the connection gets through.


Any guesses on why this is happening? BTW, I am allowing an IP any any ACL on both sides, and not doing any translation either way...


If somebody gives a proper solution, I will give a red tick and 5 points.


Regards,

Jon Marshall Sun, 08/02/2009 - 01:52
Osama


Have you waited to see if the prompt eventually appears?


Unix boxes often do a reverse DNS lookup on the incoming IP address, and if DNS is being blocked on your firewall then it can take a while for it to time out.


If DNS isn't important on the Solaris box either turn it off and retest or in the resolv.conf use 127.0.0.1 as the DNS name server and retest.


Edit - just reread and realise you are allowing IP any any between the 2. However your DNS servers may be elsewhere in relation to the FWSM so it's still worth a quick test.


Jon

oabduo983 Sun, 08/02/2009 - 02:07

> Have you waited to see if the prompt eventually appears?


Yes, but it did not appear!


> If DNS isn't important on the Solaris box either turn it off and retest or in the resolv.conf use 127.0.0.1 as the DNS name server and retest.


Should the reverse lookup stop the telnet traffic? We already have permit IP any any, and all the pinging is done fine both ways!

oabduo983 Sun, 08/02/2009 - 04:12

The issue is solved. Actually, when we snooped the telnet traffic of the Solaris server, we found the server is dropping the packets. There is inbound telnet traffic to the server and there is no return traffic from the server, so we changed the IP address of the existing interface, and played with the routing table, and it worked fine!
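
The symptom reported in the last post (inbound telnet packets at the server, no return traffic) can be checked mechanically from a capture. This is an added example, not code from the thread: it assumes the capture has been reduced to a simplified one-record-per-packet form (a constructed format, not raw snoop output), and `parse_record`, `one_way_flows` and the sample addresses are hypothetical.

```python
from collections import defaultdict

# Constructed sample capture (not from the thread): one record per packet,
# "src_ip:src_port > dst_ip:dst_port flags". Addresses are documentation ranges.
SAMPLE_CAPTURE = """\
192.0.2.10:49152 > 198.51.100.20:23 SYN
192.0.2.10:49152 > 198.51.100.20:23 SYN
192.0.2.10:49152 > 198.51.100.20:23 SYN
198.51.100.30:40001 > 198.51.100.20:23 SYN
198.51.100.20:23 > 198.51.100.30:40001 SYN,ACK
198.51.100.30:40001 > 198.51.100.20:23 ACK
"""

def parse_record(line):
    """Split one record into ((ip, port), (ip, port), set_of_flags)."""
    src, arrow, dst, flags = line.split()
    if arrow != ">":
        raise ValueError(f"unexpected record: {line!r}")

    def endpoint(text):
        ip, _, port = text.rpartition(":")
        return ip, int(port)

    return endpoint(src), endpoint(dst), set(flags.split(","))

def one_way_flows(capture, server_ip):
    """Return flows that reached server_ip but never got a packet back.

    Each result is (client_ip, client_port, server_port, packets, syn_packets);
    several bare SYNs on one flow are client retransmissions going unanswered.
    """
    inbound = defaultdict(lambda: [0, 0])  # (client, server) -> [packets, SYNs]
    replied = set()                        # (client, server) the server answered
    for line in capture.splitlines():
        if not line.strip():
            continue
        src, dst, flags = parse_record(line)
        if dst[0] == server_ip:
            inbound[(src, dst)][0] += 1
            if flags == {"SYN"}:
                inbound[(src, dst)][1] += 1
        elif src[0] == server_ip:
            replied.add((dst, src))
    return sorted(
        (client[0], client[1], server[1], packets, syns)
        for (client, server), (packets, syns) in inbound.items()
        if (client, server) not in replied
    )
```

A flow listed here for a client on the far side of the firewall, while a same-subnet client is absent from the list, points at the server's return path (interface addressing or routing table) rather than at the firewall ACL.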
