Re: Telnet Access Problem

yquirion_ · ‎09-01-2005

Hello all,

I'm having a strange problem with my ASA 5510. After activate the telnet server, when I'm issuing the telnet command from an allowed workstation, it will connect, but will disconnect before I get login prompt:

[host]:/home/user> telnet 10.32.1.251

Trying 10.32.1.251...

Connected to 5510.domain.com (10.32.1.251).

Escape character is '^]'.

Connection closed by foreign host.

On the ASA log I have this:

6|Aug 31 2005 17:16:42|609002: Teardown local-host lan0:10.32.2.1 duration 0:00:04

6|Aug 31 2005 17:16:42|302014: Teardown TCP connection 256 for lan0:10.32.2.1/38282 to NP Identity Ifc:10.32.1.251/23 duration 0:00:04 bytes 0 TCP intercept server no respond

4|Aug 31 2005 17:16:41|402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 10.32.1.251, src_addr= 10.32.2.1, prot= tcp

4|Aug 31 2005 17:16:40|402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 10.32.1.251, src_addr= 10.32.2.1, prot= tcp

4|Aug 31 2005 17:16:39|402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 10.32.1.251, src_addr= 10.32.2.1, prot= tcp

4|Aug 31 2005 17:16:38|402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 10.32.1.251, src_addr= 10.32.2.1, prot= tcp

6|Aug 31 2005 17:16:38|302013: Built inbound TCP connection 256 for lan0:10.32.2.1/38282 (10.32.2.1/38282) to NP Identity Ifc:10.32.1.251/23 (10.32.1.251/23)

6|Aug 31 2005 17:16:38|609001: Built local-host lan0:10.32.2.1

Anybody has idea on this matter?

Thank you

Regards,

Yanick

nkhawaja · ‎09-01-2005

are you trying to connect to an outside interface?

PIX / ASA expects that it can receive telnet traffic only if it is coming encapsulated into IPSEC traffic. Meaning you are first terminating IPSEC tunnel to this PIX and then telnet to the outside interface.

You can do SSH to the outside interface if you would like.

thanks

Nadeem