TELNET NOT WORKING OVER VPN
10-22-2010 12:43 AM - edited 03-04-2019 10:12 AM
Morning
I have a Cisco 887 which is set up with split tunneling, a VPN for remote management and an internal DHCP LAN for general web browsing. My problem is that I can't get telnet to work over the VPN. SSH access works fine but I need to be able to telnet to the device and devices behind the router. When I debug TCP packets I get the following output:
000457: OCT 19 11:34:57 GMT0BST: TCP0: bad segment from 10.xx.xx.xxx --IDB not up:port 23 seq 1538323348 ack 0 rcvnxt 0 rcvnxt 0 rcvwnd 4128 len 0
Does anyone have any knowledge of this error or can point me in the direction to look?
Cheers
10-22-2010 07:19 AM
Hi,
The crypto traffic is defined as IP traffic so either SSH or telnet are permitted since both run on top of TCP.
Do you have any VPN filters or ACLs in place that might be blocking telnet through the tunnel?
Federico.
10-22-2010 07:21 AM
Hello Steve,
In order to get better help, post the configuration of the C887; just remove user/passwords and change public addresses for your safety.
Hope to help
Giuseppe
10-24-2010 11:55 PM
10-25-2010 09:34 AM
Steve a question,
Can you telnet to the router locally (not through the VPN tunnel)?
I just want to make sure the router is accepting telnet connections fine.
Federico.
10-25-2010 11:29 PM
Morning
Yes we can telnet locally with no problem. It is just if we telnet from our works system to the internal management address we have a problem.
11-01-2010 08:37 AM
Steve,
As a suggestion you can try the following...
Create an ACL and apply it to the outside interface to check the telnet packets (or use an existing ACL already applied).
! x.x.x.x is the IP of the remote VPN client and y.y.y.y is the IP of the router
ip access-list extended TEST
 permit tcp host x.x.x.x host y.y.y.y eq 23
 permit ip any any
!
interface OUTSIDE_INTERFACE
 ip access-group TEST in
The above ACL is to test if telnet packets are being received by the router properly ("show access-list TEST" will show the hit counts incrementing every time the telnet connection is attempted).
Another thing is to enable logs and check what are the related logs reported by the router related to the telnet connections.
Federico.
