Re: Telnet connection refused by router

n_khanolkar · ‎09-12-2004

I am trying to access a 2600 series router remotely. But I get the message "% connection refused by remote host". This message is obtained on both WAN and LAN telnet attempts. But the router itself functions perfectly. There is no problem with the functionality. It also replies to peer 'PING' command. There has been a 'session-timeout' of 5 mins configured on the vty lines. What could be the problem as it only takes a reboot to gain access again.

Kevin Dorrell · ‎09-12-2004

I would have said it was an access-class in the vty lines, but you say that it only takes a reboot to gain access again.

Maybe there is no access-class on vty 0, and there is one on vty 1 onwards. The first session would get in on vty 0, which is open. If for some reason this does not terminate cleanly, the second one comes in on vty 1, which does have a restrictive access-class.

Can you post the vty line configs?

Kevin Dorrell

Luxembourg

n_khanolkar · ‎09-12-2004

Hi Kevin,

There is no access-class configuration as is evident below:

line vty 0 4

session-timeout 5

exec-timeout 0 0

That is all there is to it.

Kevin Dorrell · ‎09-13-2004

I use exec-timeout without session-timeout. I am just going to look up the info on session-tiemout, but you might want to try:

line vty 0 4

no session-timeout

exec-timeout 5 0

Kevin Dorrell

Luxembourg

P.S. I looked up session-timeout, but I am none the wiser. Maybe your config disconnects the session but leaves the exec open. Sounds strange though.

KJD

n_khanolkar · ‎09-13-2004

Gee...thanx Kevin!! Shall check it out. The site is remote. Shall have to ask my colleague there to do the needful. Thanks for the help anyways!

Shall let you know!!:)

Kevin Dorrell · ‎09-13-2004

If it works, please don't forget to fill in the "solved" and "rate this port" fields of my posting. ;-)>

Good luck.

Kevin Dorrell

Luxembourg

n_khanolkar · ‎09-14-2004

Hey Kevin,

Thanx for the info.....but you see my colleague at the remote end has not made any changes. He just cleared the excessive connections and I was able to telnet. No changes are made as changes need authorisation and a process is to be followed. So right now, rating our conversation would not be appropriate. I shall wait for them to make changes and in case it works out you got the whole marks!! ;)

I hope you won't mind waiting!?

johartman · ‎01-06-2005

I'm having the same issue with a Cat 4506 running IOS 12.2.18 EW and CiscoWorks....I can force all VTY lines to "hang" by doing a Check Device Attributes on this switch. There is a Bug CSCee62455 for my particualr IOS but it sounds exactly like your problem. I've tried service tcp-keepalives-in, adjusting the exec-timeout but have not tried the session-timeout. Any updates you might have found?

n_khanolkar · ‎01-07-2005

Try the solution suggested by Kevin Dorrell on Sept 13 2004 in this thread.

line vty 0 4

no session-timeout

exec-timeout 5 0

I hope this shall help! Please update.

Regards,

Nishant

marcobinda · ‎01-07-2005

It seems looking at your configuration that you have set no vty password.

you should configure one or set the "no login"

command in vty config mode if you don't want the router to ask password to gain access.

Marco.