cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
289
Views
0
Helpful
6
Replies

telnet prob

rpalacio
Level 1
Level 1

Hi,

My client is a remote office having a network of about 60 users. We have tested 10 workstations telneting an AS 400 on their head office and found only one (1) working.

What could be the problem behind. Theres no firewall. Access list is not a question coz ive managed telneting other telnet servers on other sites.

Thanks a lot.

6 Replies 6

hbaerten
Level 4
Level 4

Things to consider:

- what happens when the workstations try to telnet? does it timeout or do you get an error immediately?

- is it always the same station that succeeds?

- do the workstations use a hostname or an IP address to telnet to? Can it be an issue with DNS/hosts file?

- double-check the access list (it may permit telnet to other servers but not to this as400)

- is there any NAT along the way? maybe it should change to NAT overload?

- are the 10 workstations on the same subnet? if not it could be a routing issue.

- does the as400 implement access control based on ip address (e.g. using a tcpwrapper) ?

As you see without more details it's mostly guessing... maybe you could post more details on the network layout (addressing, connections, routing) and your router config?

hth

Herbert

1. i got an error message 'connect failed'

2. yes, only the same workstation succeeds.

3. telnetting using ip address

4. all outbound is permitted on the router

5. yes, both end routers uses NAT. The router at the head office is translating the WAN IP Address-port pair (eg. wan IP & port 8000 to an IP Inside with port 23). This Inside IP address-port pair is then mapped to the IP adress of the AS 400 thru the PIX firewall.

6. All the workstation are on the same subnet...flat network

7. i dont think so. Telneting from other 4 different geograhical locations was successful so far.

4. Are the return packets (source port 8000) permitted inbound?

5. Is the NAT on the remote office's router properly configured?

5. In your first post you said no firewall? ;) Can you see the telnet attempts in the firewall logs?

8. can we have a look at the config of the routers?

Hi,

Thanks for beeing helpful on this..

4. yes it is..and once it goes in, it is tranlated to port 23 with the ip address of the static mapping on the firewall which in turn is mappped to the as 400.

5. not a cisco (an ADSL alcatel actually)..been in use for 2 yrs now.

5. thats on the other site...on our testing site, there is something built-in on the alcatel..but as ive said, it works on 1 workstation ver consistently.

8. it wont be available, coz config is GUI.

Well, this is getting to a stage where I would get out my sniffer (or "debug ip packet" but be careful with that) and start looking in various points in the network to see where packets get lost.

I.e. can you see the telnet packets arriving at the central site, are they being logged on the pix, do you see them behind the pix, do you see return packets from the server to the client etc.

That might give an indication of where the problem is...

Hi,

thanks for the time uve spent. I finally solve the problem. Installing the ISA client on the workstations has solve it. Sorry coz i havent mentioned that in our previous correspondence.

Again, thanks a lot.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco