We have some 871's which will not pass telnet through the router, to the devices on the other side. Some will, other won't. Config's are identical, except for where the DHCP pool (dns-server) is getting the information. The one in serious trouble is from Verizon (18.104.22.168 22.214.171.124)... Anyone seen this in any scenario? This SHOULD be simple, yet is making us send laptops out into the field for our remote access.
Thanks for the interest/reply, yes - ping will go through easily, and on another site that is configured just like this one, telnet will pass... We've been shooting about 50/50 on our rollout, and it's outta control. The TAC was in on Fri last, but did not get anywhere besides blaming the far-end equipment (he stated the "devices" had to have that routers def gwy, which is really out there once you see the config). The config is too complicated to spell out, I'm at firstname.lastname@example.org if you require it... No firewalls are in the config... jeff
can you place a packet analyzer between the 871 and the device you would like to telnet to? I just wonder, if the packets arrives at all or where it gets stuck. can you place an access-list on the input/output interface "permit any eq telnet any log" and "permit any any eq telnet log" to check, whether the 871 gets the packets or things are messed up somewhere else.
TAC needs to be sure it happens in the 871 before things are progressing, I suppose.
I think the first question we need to check is if there is reachability to the servers. If yes , there is no reachability problems , you can probably set mss on the link and see if it helps. Martin was right too, a packet analyzer data would help.
Mss command is ip tcp adjust-mss 1350 on the WAN interface
I'm sorry, but I did not get any message that anyone has posted here since Martins 1st reply 2 weeks ago.
As it turns out, the FIX to our issue was that our config did not map GRE tunnels correctly - we did not map to the Ethernet interface compleletly nor to our first hop IP in each case. I can now telnet to 2 remote sites, and the visual half-screen replies of remote devices via http have gone!!!
The TAC got involved - Adolfo in Mex City - and he made changes too long to repeat in this forum - and I obviously cannot paste a "sh run" command result here... it would devolve too much of our netowork. Pls email me directly, and I may be able to pass on some info that way!!! Jeff
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...