I'm trying to allow telnet traffic from one VLAN to another through the FWSM, and when I try to telnet from my Windows machine to any Solaris server on the other side, I get a black screen (meaning the port is opened); however, I do not get the prompt for username and password. If the same is done from any machine on the Solaris side, the connection gets through.
Any guesses on why this is happening? BTW, I am allowing an IP any any ACL on both sides, and not doing any translation either way...
If somebody gives a proper solution, I will give a red tick and 5 points.
Have you waited to see if the prompt eventually appears?
Unix boxes often do a reverse DNS lookup on the incoming IP address, and if DNS is being blocked on your firewall then it can take a while for it to time out.
If DNS isn't important on the Solaris box either turn it off and retest or in the resolv.conf use 127.0.0.1 as the DNS name server and retest.
Edit - just reread and realised you are allowing IP any any between the 2. However, your DNS servers may be elsewhere in relation to the FWSM, so it's still worth a quick test.
> Have you waited to see if the prompt eventually appears?
Yes, but it did not appear!
> If DNS isn't important on the Solaris box either turn it off and retest or in the resolv.conf use 127.0.0.1 as the DNS name server and retest.
Should the reverse lookup stop the telnet traffic? We already have permit IP any any, and all the pinging is done fine both ways!
The issue is solved. Actually, when we snooped the telnet traffic of the Solaris server, we found the server is dropping the packets. There is inbound telnet traffic to the server and there is no return traffic from the server. So we changed the IP address of the existing interface, and played with the routing table, and it worked fine!