05-29-2007 11:58 PM - edited 03-03-2019 05:13 PM
Hello.
I have Cisco Router 876 Series, and have problem with telnet. i cant connect via telnet from remote office to my router. does anybody know how to solve that problem.
I have two vlan, vlan 1 is a nativ vlan and it is config for inside network, and vlan 2 for outside.
and fa0, fa1, and fa2 interface is in vlan1, while fa3 is in vlan2.
Anybody please!!!
05-30-2007 10:48 PM
ok.
i will do that and post the results.
by the way, ping work correctly, telnet from inside network to router too, and from router to outside network, but vice versa dont.
05-30-2007 11:20 PM
Hi ,
At starting you mentioned that you are trying to access 876 remotely..what exactly remote means ..do you have any other router at remote end....
if possible can you explain your setup or any diagram would be helpful...
Thanks,
Satish
05-30-2007 11:41 PM
NO i dont have other routher, only that one.
im call ISP and they say that no firewall on they side. i think the problem is with 876...
05-30-2007 11:36 PM
05-30-2007 11:43 PM
Hi ,
Can you paste the result instead of uploading it...
Thanks,
Satish
05-30-2007 11:55 PM
No. Time Source Destination Protocol Info
9 7.146579 192.168.70.55 217.199.130.153 TCP 1332 > telnet [SYN] Seq=0 Len=
Frame 9 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: CompalCo_64:02:6e (00:16:d4:64:02:6e), Dst: Cisco_6c:d4:9d (00:11:21:6c:d4:9d)
Internet Protocol, Src: 192.168.70.55 (192.168.70.55), Dst: 217.199.130.153 (217.199.130.153)
Transmission Control Protocol, Src Port: 1332 (1332), Dst Port: telnet (23), Seq: 0, Len: 0
No. Time Source Destination Protocol Info
10 10.121002 192.168.70.55 217.199.130.153 TCP 1332 > telnet [SYN] Seq=0 Len=Frame 10 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: CompalCo_64:02:6e (00:16:d4:64:02:6e), Dst: Cisco_6c:d4:9d (00:11:21:6c:d4:9d)
Internet Protocol, Src: 192.168.70.55 (192.168.70.55), Dst: 217.199.130.153 (217.199.130.153)
Transmission Control Protocol, Src Port: 1332 (1332), Dst Port: telnet (23), Seq: 0, Len: 0
No. Time Source Destination Protocol Info
11 16.156109 192.168.70.55 217.199.130.153 TCP 1332 > telnet [SYN] Seq=0 Len=Frame 11 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: CompalCo_64:02:6e (00:16:d4:64:02:6e), Dst: Cisco_6c:d4:9d (00:11:21:6c:d4:9d)
Internet Protocol, Src: 192.168.70.55 (192.168.70.55), Dst: 217.199.130.153 (217.199.130.153)
Transmission Control Protocol, Src Port: 1332 (1332), Dst Port: telnet (23), Seq: 0, Len: 0
No. Time Source Destination Protocol Info
12 37.148100 217.199.130.153 192.168.70.55 TCP telnet > 1332 [RST] Seq=0 Len=Frame 12 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_6c:d4:9d (00:11:21:6c:d4:9d), Dst: CompalCo_64:02:6e (00:16:d4:64:02:6e)
Internet Protocol, Src: 217.199.130.153 (217.199.130.153), Dst: 192.168.70.55 (192.168.70.55)
Transmission Control Protocol, Src Port: telnet (23), Dst Port: 1332 (1332), Seq: 0, Len: 0
05-31-2007 12:19 AM
Hi ,
I guess you are trying from 192.168.70.55 i.e pc ip to telent to 217.199.130.153 i.e vlan2 ip of 876 router.
But main thing is you configured vlan1 as
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
In which you can use 192.168.0.2 to 192.168.0.254 as PC's ip addresses.
Change the pc ip as 192.168.0.55 255.255.255.0 and gateway as 192.168.0.1 & check the issue.
Note : Remove nat on vlan1 and vlan2 fr checking purpose....
Thanks,
Satish
05-31-2007 12:37 AM
Satish,
Im trying telnet from remote host and ip 192.168.70.55 is addres of my pc, remote host.
I can telnet from 192.168.0.0 network to router, but from outside cant.
05-31-2007 12:29 AM
Hi,
Hi ,
I guess you are trying from 192.168.70.55 i.e pc ip to telent to 217.199.130.153 i.e vlan2 ip of 876 router.
But main thing is you configured vlan1 as
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
In which you can use 192.168.0.2 to 192.168.0.254 as PC's ip addresses.
Change the pc ip as 192.168.0.55 255.255.255.0 and gateway as 192.168.0.1 & check the issue.
Thanks,
Satish
05-31-2007 12:02 AM
Interactive traffic like telnet often requires less latency. wats your ping response?
05-31-2007 12:32 AM
ping respons:
Pinging 217.199.130.153 with 32 bytes of data:
Reply from 217.199.130.153: bytes=32 time=186ms TTL=249
Reply from 217.199.130.153: bytes=32 time=149ms TTL=249
Reply from 217.199.130.153: bytes=32 time=127ms TTL=249
Reply from 217.199.130.153: bytes=32 time=79ms TTL=249
Ping statistics for 217.199.130.153:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 186ms, Average = 135ms
05-31-2007 01:41 AM
Hi amar,
Your ethereal dump indicates to me
that the router recieved your telnet packet (maybe not all) and actively sent a reset back.
The source IP address of your telnet attempts is a private 192.168 address. Why is this? Where are you telnetting from? A remote LAN? If so, you have another NAT and possibly a firewall device infront of your remote LAN. Have you checked this device for any filtering, NAT issues?
This device mayb the culprit!!!
05-31-2007 02:03 AM
Yes, its remote LAN and have NAT and firewall. But from everywhere I attempt telnet to 217.199.130.153, from home, from friend, etc. I cant telnet to 876. Its the same problem.
This crazy me.
05-31-2007 02:24 AM
Dont worry, we will get this sorted out..Or ill bcome crazy as well!!!
Anyway, there are 3 more things to be done
a) Did you run the debug ip packet??
pls do that and post the output (remember do the following
int vlan 2
no ip route-cache
int vlan 1
no ip route-cache
logging console
logging buffered
exit
term mon
b)Check your remote end firewall logs. Or run ethereal from a computer that does a dialup to the internet(and hence recieves a public IP).
What I want to check here is that your router doesnt reply back with a different IP address than 217.199.130.153
c) Thirdly, if none of these gives us a clue, we could be looking at a corrupted image. Install a new image and try the telnet again..
let me know how it goes...
05-31-2007 02:41 AM
Ok. Im not now in position to run debug, i cant contact my client, have some meeting or...... I can run ethereal from my pc and try to get some infos that can be usefull to you.
I earlyer post some log from ethereal. did yo see it.
When I have contact with my client we will do the first step (a) and i will post debug output.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide