Cisco Support Community
New Member

telnet not allowed

From my VPN segment, I try to access another ASA firewall of mine and it gives the following error:

TCP access denied by ACL from 10.27.200.20/3268 to Inside:10.45.114.4/23

10.27.200.20 is my VPN IP, 10.45.114.4 is the inside interface of my other ASA firewall (the one I am trying to access).

Capture results on the destination ASA firewall on inside show:

00:34:22.072033 10.45.114.4.23 > 10.27.200.20.3203: R 0:0(0) ack 1912878303 win 65535
   2: 00:34:22.632459 10.45.114.4.23 > 10.27.200.20.3203: R 0:0(0) ack 3856471911 win 65535

and

1: 00:29:28.556367 10.27.200.20.3114 > 10.45.114.4.23: S 689313684:689313684(0) win 65535 <mss 1366,nop,nop,sackOK>
   2: 00:29:29.736457 10.27.200.20.3114 > 10.45.114.4.23: S 3857537545:3857537545(0) win 65535 <mss 1366,nop,nop,sackOK>
   3: 00:30:04.756293 10.27.200.20.3124 > 10.45.114.4.23: S 1620863463:1620863463(0) win 65535 <mss 1366,nop,nop,sackOK>

As per the ACL denied message, an ACL was put in to allow telnet, but it gained nothing.

Appreciate inputs to resolve this!

Great thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: telnet not allowed

Hi,

As NT suggested, telnet will work only on the highest security level or inside.

Secondly, can you please paste the relevant telnet configuration:

show run | in telnet

Also, can you ping the interface that you are trying to telnet to?

4 REPLIES
Cisco Employee

Re: telnet not allowed

Hello,

Try issuing "management-access inside" command on the remote firewall.

Hope this helps.

Regards,

NT

New Member

Re: telnet not allowed

Thanks, tried but that doesn't help.

Cisco Employee

Re: telnet not allowed

Hello,

How exactly are the ASA where the VPN is terminated and the other ASA (the one you are trying to access) connected? Are they connected with their inside interfaces on the same subnet, or is the inside interface of the VPN-terminating firewall connected to the outside interface of the other ASA? If you are trying to access the ASA through its outside interface, then it may not work.

Regards,

NT
