Solved: Re: login problem with fwsm

suthomas1 · ‎02-14-2010

we are having problems getting login to one of our fwsm firewall via telnet, though asdm access is working good.

this is the message that appears:

The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.61 ...
% Connection timed out; remote host not responding

Secondary firewall allows telnet access fine. Please suggest what may be the cause & any possible way out.

Thanks.

Kureli Sankar · ‎02-15-2010

Unfortunately both these are marked internal meaning no customer has faced this issue yet.

If you need an external link you need to open a case with us and the TAC engineer can make this external for you so, you can read up on it.

Once you open a case provide the case number. I will notify the engineer of the defect that I was talking about.

-KS

View solution in original post

Ganesh Hariharan · ‎02-14-2010

we are having problems getting login to one of our fwsm firewall via telnet, though asdm access is working good.

this is the message that appears:

The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.61 ...
% Connection timed out; remote host not responding

Secondary firewall allows telnet access fine. Please suggest what may be the cause & any possible way out.

Thanks.

Hi,

Check out that from the desktop you are connecting is permiited for telnet access in firewall.

Under configuration--device management -- management access -- cli -- telnet check out here your desktop ip is permitted or not.

Hope to help !!

Ganesh.H

Kureli Sankar · ‎02-14-2010

Seems like the FWSM is in slot 6. Pls. verify the following:

1. The line vty line on the switch allows telnet as a transport and there is no access-class applied.

2. sh tcp brief - on the switch

make sure there are no sessions to 127.0.0.61 stuck. If so clear then all with the command "clear tcp tcp ". I'd clear all of them to 127.0.0.61

6509#sh tcp brief
TCB Local Address Foreign Address (state)
0x105ABD0 127.0.0.61:1025 127.0.0.31:23 ESTAB

6509#cle tcp tcb 0x105ABD0
[confirm]

3. Now try the session in command again.

-KS

suthomas1 · ‎02-14-2010

Thanks, it doesnt show any session remaining on 127.0.0.61 on the output.

Kureli Sankar · ‎02-14-2010

Paste the output pls. Also, are you sure the module is up? sh module? It accepts telnet, ssh and/or asdm sessions and just now session from the switch?

Is this a VSS setup?

-KS

suthomas1 · ‎02-15-2010

Hi,

below is the output:

TCB Local Address Foreign Address (state)
0109CB12 192.168.100.2:23 192.168.200.5:2984 ESTAB

line vty 0 4
password 7 XXXXX
transport input telnet ssh
line vty 5 15
accounting commands 15 YYYYY
transport input ssh

Module is up and allowing connections to be passed across. its ip is reachable from 6500.

Kureli Sankar · ‎02-15-2010

Found 2 defects for the symptom.

Resolved in 2.3.5, 3.2.2, 3.1.5

A reload should resolve the issue. Make sure you are running a resolved code.

-KS

suthomas1 · ‎02-15-2010

Thanks, may i have the link(if any) or brief description to these pointers to understand the problem & resolution better.

Thanks!

Kureli Sankar · ‎02-15-2010

Unfortunately both these are marked internal meaning no customer has faced this issue yet.

If you need an external link you need to open a case with us and the TAC engineer can make this external for you so, you can read up on it.

Once you open a case provide the case number. I will notify the engineer of the defect that I was talking about.

-KS