
Connection refused by 0.0.0.0

Hello Folks, 

We have a few bugs in our monitoring tool, SolarWinds. We managed to fix them; just now we have a couple of devices that refused the SolarWinds connectivity:

ERROR: Running config: Connection Refused by 172.21.X.X ( ip of the devices )

I have checked the ACL for SSH and everything looks configured as follows, with the IP of the SolarWinds (10.255.235.0/24).

Could you please have a look at the ACL below and advise?

LV2-LT7e-S4.20#sh run | i access-list
access-list 22 remark LAN-ADMIN
access-list 22 permit 10.0.0.0 0.15.255.255
access-list 22 permit 172.20.35.0 0.0.0.255
access-list 22 permit 172.21.35.0 0.0.0.255
access-list 22 permit 172.20.30.0 0.0.0.255
access-list 22 permit 10.255.235.0 0.0.0.255
access-list 70 permit 172.20.31.5
access-list 70 permit 172.20.31.500
access-list 70 deny any log
access-list 70 remark NTP-ACL
access-list 98 remark ** ACL SNMP RO **
access-list 98 permit 10.255.240.8
access-list 98 permit 10.6.1.53
access-list 98 permit 10.1.1.10
access-list 98 permit 10.6.1.113
access-list 98 permit 10.6.1.20
access-list 98 permit 172.20.35.50
access-list 98 permit 10.0.0.0 0.255.255.255
access-list 98 permit 10.255.245.0 0.0.0.255
access-list 98 permit 172.20.30.0 0.0.0.255
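
The check done by hand in the post above (is the SolarWinds subnet 10.255.235.0/24 permitted by ACL 22?), as an added example that is not part of the original thread: a first-match evaluator for numbered standard ACLs with wildcard masks. The function names and the test source addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: ACL 22 and ACL 70 lines copied from the post above.
# The "172.20.31.500" entry is left out because it does not parse as IPv4.
SHOW_RUN = """\
access-list 22 remark LAN-ADMIN
access-list 22 permit 10.0.0.0 0.15.255.255
access-list 22 permit 172.20.35.0 0.0.0.255
access-list 22 permit 172.21.35.0 0.0.0.255
access-list 22 permit 172.20.30.0 0.0.0.255
access-list 22 permit 10.255.235.0 0.0.0.255
access-list 70 permit 172.20.31.5
access-list 70 deny any log
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acl(config, number):
    """Return the ordered (action, base, wildcard) entries of one numbered ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        action, rest = tok[2], [t for t in tok[3:] if t != "log"]
        if action not in ("permit", "deny"):
            continue  # remark lines carry no match criteria
        if rest[0] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            base, wild = to_int(rest[1]), 0
        else:  # "A.B.C.D [wildcard]"; no wildcard means a single host
            base = to_int(rest[0])
            wild = to_int(rest[1]) if len(rest) > 1 else 0
        entries.append((action, base, wild))
    return entries

def evaluate(entries, source):
    """First match wins; falling off the end is the implicit deny."""
    src = to_int(source)
    for index, (action, base, wild) in enumerate(entries, 1):
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if (src | wild) == (base | wild):
            return action, index
    return "deny", None

if __name__ == "__main__":
    acl22 = parse_standard_acl(SHOW_RUN, 22)
    print(evaluate(acl22, "10.255.235.17"))
```

A permit result only shows that the vty access-class would accept that source; it does not cover filtering elsewhere on the path, which is what the replies go on to check.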

9 REPLIES

Are all these ACL lines for SSH? What is the direction of the access-class?
What is the source of SSH?

Hello. Only ACL 22 is for SSH; the access-class has been applied to line vty 0 4 and 0 15 as INBOUND.

The source of SSH is <<access-list 22 permit 10.255.235.0 0.0.0.255>>, although something worries me: when I issued the command sh ip interface (mgmt interface name) I see the comment "Inbound acl is not set". So it looks like ACL 22 is not attached to an interface. But some of the devices that passed the SSH connection from SolarWinds have the config. I am really confused now.

OK, I have an idea.
In1-R-In2-Solarwinds
You access R from SolarWinds, which connects to In2; on In2 there is an ACL applied INBOUND.
Here the traffic is dropped, not by the ACL configured on the VTY (ACL 22).
You need to allow TCP eq 23 to access the router; then the VTY ACL will filter who can SSH to the router.

Hello, 

Thanks for your answer. So if I understood well, to allow tcp eq 23 or 22 I will have to create an extended ACL; moreover, I would need to bind it to the management interface. Or how do I allow tcp eq port 23/22 on a standard ACL?

Your standard ACL for VTY is OK.
The issue is from the other ACLs,
ACL 70 and ACL 98.
Are they applied to the interface you connect the SolarWinds to? I think that these ACLs drop the connection, not the ACL of the VTY.


LV2-LT7e-S4.20#sh ip interface vlan 438
Vlan438 is up, line protocol is up
Internet address is 10.6.4.2/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent

 

This is the short output of our management interface. As you can see, there is no ACL bound to it, neither inbound nor outgoing.

So what do you suggest should be changed or added?

Thanks for your support 

show ip route 172.21.X.X longest 

This shows you the egress interface for SolarWinds; check if there is any ACL applied to it.

These are layer 2 switches, Cisco Catalyst 2960G; therefore the command above is not working.

Thanks for your Help !

The management interface is in a different subnet than the Solar PC; do you use ip default-gateway?
If yes, check the L3 device to see if it has an ACL or NAT config.