cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
44565
Views
15
Helpful
10
Replies

% Connection refused by remote host

Ibrahim Jamil
Level 6
Level 6

Hello Folks

i m trying to telnet to my asa 5510 from the core swith,however i received the below msg,how enable it?

172.30.1.100 is the inside interface of the asa

CITYCORE#telnet 172.30.1.100
Trying 172.30.1.100 ...
% Connection refused by remote host

CITYCORE#

10 Replies 10

Jennifer Halim
Cisco Employee
Cisco Employee

You might want to check if telnet has been enabled on the ASA inside interface, and if the core switch IP Address has been added as telnet client.

You can check by issueing: sh run telnet

You should see the IP Address of the core switch, or a more generic subnet that the core switch belongs enabled for telnet on the inside interface.

Hi Halim

what do u mean by the below ?

and if the core switch IP Address has been added as telnet client

Hi,

and if the core switch IP Address has been added as telnet client

if telnet has been enabled on inside interface then sh run telnet will give you a result like this: telnet x.x.x.x y.y.y.y inside

where x.x.x.x is subnet and y.y.y.y subnet mask telling which IPs can telnet on inside interface

Regards.

Alain.

Don't forget to rate helpful posts.

TCP is allowed by defatult on ASA.

ICMP (Ping is not allowed by default)

 

DMZ.jpgPlease see the topolgy

i can ping all the devices from ASA,

when i m trying to telnet from R1 to R2 its not going through ASA.

 

R1#telnet 150.1.20.2
Trying 150.1.20.2 ...
% Connection refused by remote host

 

R2

!
line con 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 15 0
password cisco
login
transport input none
!

 

Much Appricated your kind and quick response
Many many thanks in advance

 

Same Error i am also getting in eve-ng is there any solution on this 

The command on the ASA would be:

telnet 255.255.255.255 inside

This will allow the core switch to telnet to the ASA on the inside interface.

hi folks

I m trying to telne tfor the core switch witch exists in other site to asa 5510 exist in other site,means the the core and the asa aren't in the same same subnet

Do you mean that there is site-to-site VPN tunnel between the 2 sites, and you are trying to telnet to the inside interface of the ASA on the remote site from the core switch?

There are a few things that need to be checked to allow that access if it is connected as per the above description.

Can you share the core switch ip address as well as the configuration from both ASA?

Hi Halim

i have the same as you mentioned

Do you mean that there is site-to-site VPN tunnel between the 2 sites, and you are trying to telnet to the inside interface of the ASA on the remote site from the core switch?

On the remote ASA that you are trying to telnet to, you would need to add the following command:

management-access inside

telnet <255.255.255.255> inside

Also, your local ASA where the core switch is connected needs to allow the telnet connection through to the remote ASA.

Review Cisco Networking for a $25 gift card