
telnet not allowed

suthomas1
Level 6

From my VPN segment, I try to access another ASA firewall of mine and it gives the following error:

TCP access denied by ACL from 10.27.200.20/3268 to Inside:10.45.114.4/23

10.27.200.20 is my VPN IP; 10.45.114.4 is the inside interface of my other ASA firewall (the one I am trying to access).

Capture results on the destination ASA firewall, on inside, show:

00:34:22.072033 10.45.114.4.23 > 10.27.200.20.3203: R 0:0(0) ack 1912878303 win 65535
   2: 00:34:22.632459 10.45.114.4.23 > 10.27.200.20.3203: R 0:0(0) ack 3856471911 win 65535

and

1: 00:29:28.556367 10.27.200.20.3114 > 10.45.114.4.23: S 689313684:689313684(0) win 65535 <mss 1366,nop,nop,sackOK>
   2: 00:29:29.736457 10.27.200.20.3114 > 10.45.114.4.23: S 3857537545:3857537545(0) win 65535 <mss 1366,nop,nop,sackOK>
   3: 00:30:04.756293 10.27.200.20.3124 > 10.45.114.4.23: S 1620863463:1620863463(0) win 65535 <mss 1366,nop,nop,sackOK>

As per the ACL denied message, an ACL was put in place to allow telnet, but it gained nothing.

Appreciate inputs to resolve this!

Great thanks.

4 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

Try issuing "management-access inside" command on the remote firewall.

Hope this helps.

Regards,

NT

Thanks, tried but that doesn't help.

Hello,

How exactly are the ASA where the VPN is getting terminated and the other ASA (the one you are trying to access) connected? Are they connected with their inside interfaces on the same subnet, or is the inside interface of the VPN-terminating firewall connected to the outside interface of the other ASA? If you are trying to access the ASA through its outside interface, then it may not work.

Regards,

NT

Hi,

As NT suggested, telnet will work only on the highest security level or inside.

Secondly, can you please paste the relevant telnet configuration:

show run | in telnet

Also, can you ping the interface that you are trying to telnet to?
