Telnet will not pass

jncarroll2002 · ‎04-06-2006

We have some 871's which will not pass telnet through the router, to the devices on the other side. Some will, other won't. Config's are identical, except for where the DHCP pool (dns-server) is getting the information. The one in serious trouble is from Verizon (4.2.1.1 4.2.2.2)... Anyone seen this in any scenario? This SHOULD be simple, yet is making us send laptops out into the field for our remote access.

mheusinger · ‎04-09-2006

Hello,

does a ping to the device work through the 871 under question? What is your setup looking like? Could there be any filters/firewall denying telnet access?

Regards, Martin

jncarroll2002 · ‎04-10-2006

Hey Martin,

Thanks for the interest/reply, yes - ping will go through easily, and on another site that is configured just like this one, telnet will pass... We've been shooting about 50/50 on our rollout, and it's outta control. The TAC was in on Fri last, but did not get anywhere besides blaming the far-end equipment (he stated the "devices" had to have that routers def gwy, which is really out there once you see the config). The config is too complicated to spell out, I'm at jcarroll@maritelusa.com if you require it... No firewalls are in the config... jeff

mheusinger · ‎04-10-2006

Hello,

can you place a packet analyzer between the 871 and the device you would like to telnet to? I just wonder, if the packets arrives at all or where it gets stuck. can you place an access-list on the input/output interface "permit any eq telnet any log" and "permit any any eq telnet log" to check, whether the 871 gets the packets or things are messed up somewhere else.

TAC needs to be sure it happens in the 871 before things are progressing, I suppose.

Regards, Martin

attrgautam · ‎04-10-2006

I think the first question we need to check is if there is reachability to the servers. If yes , there is no reachability problems , you can probably set mss on the link and see if it helps. Martin was right too, a packet analyzer data would help.

Mss command is ip tcp adjust-mss 1350 on the WAN interface

peter.rowe · ‎04-14-2006

I am having the exact same problem with VPN routers that terminate IPSEC denying telnet access from the remote sites (after updating IOS on routers)

the adjust mss command has not fixed it. I can telnet to another router/switch on the same subnet and then telnet to the VPN router as a workaround.

Any other ideas?

Thanks

jncarroll2002 · ‎04-14-2006

Martin/All,

I'm sorry, but I did not get any message that anyone has posted here since Martins 1st reply 2 weeks ago.

As it turns out, the FIX to our issue was that our config did not map GRE tunnels correctly - we did not map to the Ethernet interface compleletly nor to our first hop IP in each case. I can now telnet to 2 remote sites, and the visual half-screen replies of remote devices via http have gone!!!

The TAC got involved - Adolfo in Mex City - and he made changes too long to repeat in this forum - and I obviously cannot paste a "sh run" command result here... it would devolve too much of our netowork. Pls email me directly, and I may be able to pass on some info that way!!! Jeff