Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
0
Helpful
3
Replies

Users cannot SSH to servers

StellaYin5
Level 1
Level 1

‎01-18-2012 05:33 AM - edited ‎03-04-2019 02:56 PM

Hi, may someone kindly guide me.

I’m a new CCNA and not have much working experience.

Lately some of the users migrate from a subnet to a new subnet. After migration, they cannot SSH into their servers. I did a sh ip route from both subnets gateways to the servers. Found out that there is path from old subnet gateway to the servers, but the new subnet gateway saying no routing table. Please advise could that be this simple that is the root cause.

We always encounter this kinds of problems.

May you guide me and give me some hints how to troubelshoot this type of problems and whatelse should I check.

Should I check the ACLs on all the routers on the path to the servers.

How can I know is this Firewall issue based on the information on my routers. I cannot access Firewall routers. And I couldn’t remember CCNA show me this.

If part of our networks is with service provider clouds, how can I isolate the problem and ensure it’s not providers issue.

Thanks all in advance

Labels:
0 Helpful
3 Replies 3

Konstantin Dunaev
Level 4
Level 4

‎01-18-2012 05:41 AM

first of all you should check the path with ping and trace command. if both work then probably the it's the ACL issue,

do "sh ip access-list" and check which ACL's are active and which traffic should be permited.

0 Helpful

StellaYin5
Level 1
Level 1
In response to Konstantin Dunaev

‎01-18-2012 06:12 AM

Thank you Konstantin,

No, cannot ping nor traceroute from the new subnet gateway to the servers.

Should I do the sh ip access-list on the users subnet gateway, or the servers gateways, or both.  Since there are many access-list, may I narrow it down just check the access list including the users subnet or the servers ip. May you let me know what is that command.

Thanks

0 Helpful

Konstantin Dunaev
Level 4
Level 4
In response to StellaYin5

‎01-18-2012 06:21 AM

if you can't ping or trace the server, it could be the folowing problems:

1. check the IP address information IP and subnetmask on servers on both subnets. Can server reach each other inside of same subnet?

2. check the default router configuration on the servers. can servers reach default gateway?

3. are both routers exchange the routing information? do you use static routes?

4. can server reach the IPof the router  on the "remote" subnet?

5. If you use ACL's may be it's better to deactivate them on all interfaces during the tests (don't forget to activate them again after tests)

if you can check and answer all these questons, then you will probably find your problem.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card