Community Member

Why can't I telnet?

I am unable to telnet to our ASA.

The config is as follows:

telnet 0.0.0.0 0.0.0.0 inside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

I am logged into the switch that this is connected to.


9 REPLIES
Community Member

Re: why cant i telnet?

Enable packet capture on the inside interface to check the packet flow. Another option is to check connection builds and teardowns, but you need to enable "logging buffered debug".

Community Member

Re: why cant i telnet?

Sadly, we are using ASDM 6.0 with the known bug and can't access it now.

Would that debug cause a huge load on my ASA?

It's at a remote site and I don't want to have it hang and get stuck.

Cisco Employee

Re: why cant i telnet?

Hi,

Was this working before, or is this a new setup?

Can you post the configuration from the ASA along with the source and destination IP addresses that you are telnetting from? Make sure that you can ping the ASA inside interface.

Regards,

Arul

Community Member

Re: why cant i telnet?

It's an old setup that was never really e utilized..

Here is the attached config. I edited some outside IPs.

My IP is 192.168.133.4 and I log into 192.168.4.2,

which has a VLAN address of 172.30.0.1 configured on it.

Re: why cant i telnet?

Try adding:

management-access inside

See if that helps.

HTH,

John

Cisco Employee

Re: why cant i telnet?

Hi,

OK, the configuration really helps. I don't think the below configuration is valid. You have an inside IP address of 172.30.0.2/16, and you have configured a pool of IP addresses for the VPN client, 172.30.0.x/24, which overlaps with the inside interface. This could be why you are having issues accessing the inside interface.

!

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 172.30.0.2 255.255.0.0

ip local pool A-Pool 172.30.0.1-172.30.0.254 mask 255.255.255.0

Depending on your setup, you need to change the VPN pool to a different subnet, make the necessary changes to the split tunnel ACL, NAT 0, etc., and then try to telnet to the inside interface and see if it works.

Regards,

Arul

*Pls rate if it helps*
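An added example, not part of the original thread and not Cisco tooling: a small Python check for the overlap described in the reply above. It parses `nameif`/`ip address` and `ip local pool` lines and reports pools that contain an interface address or sit inside an interface subnet. The sample config is constructed from the fragments quoted in the thread; the function names and finding labels are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the two config fragments quoted in this thread, joined.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.30.0.2 255.255.0.0
!
ip local pool A-Pool 172.30.0.1-172.30.0.254 mask 255.255.255.0
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"
IP_ADDRESS = re.compile(rf"^ip address {ADDR} {ADDR}")
POOL = re.compile(rf"^ip local pool (\S+) {ADDR}(?:-{ADDR})?")


def parse(config):
    """Return ({nameif: IPv4Interface}, {pool: (first, last)}) from config text."""
    interfaces, pools, nameif = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        if words[:1] in (["interface"], ["nameif"]) and len(words) > 1:
            nameif = words[1]  # physical name until a nameif line replaces it
        elif (m := IP_ADDRESS.match(line)) and nameif:
            interfaces[nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := POOL.match(line):
            first = ipaddress.ip_address(m[2])
            pools[m[1]] = (first, ipaddress.ip_address(m[3]) if m[3] else first)
    return interfaces, pools


def pool_overlaps(config):
    """List (pool, nameif, finding) for pools that collide with an interface."""
    interfaces, pools = parse(config)
    findings = []
    for pool, (first, last) in pools.items():
        for nameif, iface in interfaces.items():
            if first <= iface.ip <= last:
                findings.append((pool, nameif, "contains-interface-address"))
            elif first in iface.network or last in iface.network:
                findings.append((pool, nameif, "inside-interface-subnet"))
    return findings


if __name__ == "__main__":
    for finding in pool_overlaps(SAMPLE_CONFIG):
        print(*finding)
```

On the sample it reports `contains-interface-address` for A-Pool against `inside`; a pool starting at 172.30.0.10 is reported only as `inside-interface-subnet`.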

Community Member

Re: why cant i telnet?

Is there a way to exclude the address from the pool?

Cisco Employee (accepted solution)

Re: why cant i telnet?

Yes. You can do something like the below configuration which excludes those addresses.

ip local pool A-Pool 172.30.0.10-172.30.0.254 mask 255.255.255.255

For testing purposes, try changing the pool to the above address range and let me know if it works. If it works, we know the pool was causing the issue; if not, we can troubleshoot this further.

Regards,

Arul

*Pls rate if it helps*

Community Member

Re: why cant i telnet?

Yes, the pool change worked!!

I would think that the ASA would look for the .2 address so there wouldn't be any issues.

Thx
