02-16-2023 12:46 PM - last edited on 04-17-2023 11:50 PM by Translator
Hello,
Need some assistance. Inherent network routing issues. Trying to connect from a router in one data center to an on-prem SmartNet Software Manager server in another data center. The routers are connected via L2VPLS (10.255.x.x), then the core is either 3750s or a 2960XR. We are using OSPF. Ping works, telnet to port does not.
#traceroute 10.10.254.34
Tracing the route to (10.10.254.34)
VRF info: (vrf in name/id, vrf out name/id)
1 10.248.150.6 1 msec * 1 msec
2 10.255.150.241 1 msec 0 msec 1 msec
3 10.255.10.244 [MPLS: Label 44 Exp 0] 82 msec 82 msec 82 msec
4 10.255.10.241 82 msec 82 msec 84 msec
5 ? ? ?
What's more perplexing is that this IP works
#traceroute 10.10.254.24
Tracing the route to USJC-NSMP-MGT04.fsg-gxp.local (10.10.254.24)
VRF info: (vrf in name/id, vrf out name/id)
1 10.248.150.6 1 msec * 1 msec
2 10.255.150.241 1 msec 1 msec 1 msec
3 10.255.10.244 [MPLS: Label 44 Exp 0] 82 msec 82 msec 82 msec
4 10.255.10.241 82 msec 83 msec 93 msec
5 (10.10.254.24) 82 msec 82 msec 82 msec
I'm pretty positive the issue is on the 3750 switch in the US. I'd like to put a static route in to force the intended result but am unclear as to what and where.
<sigh>
02-22-2023 05:53 AM - last edited on 04-17-2023 10:50 PM by Translator
When you ssh to the router (10.150.254.16), that doesn't imply that the router will use that IP as source when you ping or telnet further. The router will use the IP of the interface that the router will use to reach the destination. That is why we suggest that you specify which interface to use as source. Example:
telnet 10.150.254.16 /source-interface gig0/1
or if you want to test ssh use
telnet 10.150.254.16 443 /source-interface gig0/1
Also, when doing ping or traceroute, specify the source. Sometimes only one of the IP address ranges on a router is allowed through a firewall; that's why it is important to test with the correct interface as source.
02-16-2023 02:49 PM
Ping works, which means that routing looks OK to me at a high level.
", telnet to port does not." - This is more related to the device you are connecting to. What device is this? Can you post the configuration of that device? Or check any ACL or VTY line config. (Does this telnet work locally?)
What are these IP addresses you are tracerouting to, 10.10.254.34 and 10.10.254.24?
What is the source IP you are trying to traceroute from, and where does that reside? From what device are you trying to connect with Telnet? (Have you tried SSH?)
02-17-2023 07:42 AM
02-21-2023 06:15 AM
So you are sure SSM is working for other devices, and only this device is having the issue?
Try using telnet SSMIP port 443 to see if that works.
If you have any PC in the LAN with an IP in the same subnet, you can use pstool - psping IP and port - to see if you can reach it.
I am thinking something in between is blocking port 443?
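An added example, not part of any post in this thread: a small TCP probe that can be run from a PC in the same subnet, in the spirit of the psping suggestion above. It pins the local source address and separates "refused" (a reset came back) from "timeout" (no answer came back), which ping cannot do. The function names and result labels are made up for this sketch.

```python
import errno
import socket

def tcp_probe(dst_ip, dst_port, src_ip=None, timeout=3.0):
    """Try one TCP handshake, optionally from a fixed local source IP.

    Result labels (chosen for this example):
      open        - handshake completed: path and service are fine
      refused     - a reset came back: host answers, nothing listens on
                    the port, or a device in the path rejects actively
      timeout     - no answer: SYN or SYN-ACK dropped (ACL, firewall,
                    or no return route for this particular source)
      unreachable - the local stack or an ICMP error reports no route
      bad-source  - src_ip is not configured on this machine
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if src_ip is not None:
            try:
                s.bind((src_ip, 0))      # port 0: any free local port
            except OSError:
                return "bad-source"
        try:
            s.connect((dst_ip, dst_port))
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "timeout"
        except OSError as e:
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            raise
        return "open"
    finally:
        s.close()

def compare_sources(dst_ip, dst_port, src_ips, timeout=3.0):
    """Probe the same destination from several local source addresses.

    None as a source means "let the OS pick", which is what a plain
    telnet or ping does when no source is given.
    """
    return {src: tcp_probe(dst_ip, dst_port, src, timeout) for src in src_ips}

if __name__ == "__main__":
    # Constructed demo values: replace with the server and the local
    # addresses you actually want to compare.
    print(compare_sources("127.0.0.1", 443, [None, "127.0.0.1"], timeout=1.0))
```

If one source returns "open" and another "timeout" for the same destination and port, the difference lies in filtering or return routing for that source range rather than in the service itself.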
02-17-2023 07:48 AM - last edited on 04-17-2023 10:41 PM by Translator
SiteA(x.x.x.1)-l2vpn-SiteB(x.x.x2)
Telnet x.x.x.1 source x.x.x.2
This will work for sure.
02-17-2023 09:01 AM
02-20-2023 04:13 AM - last edited on 04-17-2023 10:43 PM by Translator
You need to add source to the telnet command.
02-21-2023 11:30 AM
02-20-2023 03:50 AM - last edited on 04-18-2023 12:15 AM by Translator
When you ping, what source did you use? If you did not specify the source, the router will pick the IP that is used for reaching the destination. The same is true for telnet by default. However, for telnet this can be changed with
telnet source <interface>.
To be sure, use the method provided by @MHM Cisco World for telnet and use the same source address for ping. If both ping and telnet use the same source, then we can investigate more whether it is a routing problem or an ACL or firewall rule.
02-21-2023 11:30 AM
02-20-2023 10:14 PM - last edited on 04-17-2023 10:46 PM by Translator
Hello
First of all, is HTTPS enabled on the end host?
Is there a FW in between that could be denying TCP 443 from that Germany subnet?
On the US L3 device that this server is attached to, can you connect via port 443?
Telnet x.x.x.x 443 /source xxxx
02-21-2023 11:30 AM - last edited on 04-17-2023 10:48 PM by Translator
I've already worked with Cisco TAC. Nothing from the pings or telnets is hitting ANY interface on the firewalls. This appears to be traversing the L2VPLS connection.
On the L3 switch your command does not work.
Telnet 10.10.254.34 443 /source ? Not sure what xxxx is. There is no /source parameter, only /source-interface.