07-30-2015 05:42 PM - edited 03-08-2019 01:11 AM
Hello,
I have a Cisco 867 being used as a WAN router, and for some reason I am not able to Telnet or SSH to it. I have an ACL to permit my local subnet on the VTY lines. Here is some config and logs:
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 privilege level 15
 password 7 xxxxxxxxxxxx
 login local
 no activation-character
 no exec
 transport preferred none
 transport input telnet ssh
 transport output telnet ssh
 stopbits 1

access-list 10 permit 192.168.10.0 0.0.0.255 log

Standard IP access list 10
    10 permit 192.168.10.0, wildcard bits 0.0.0.255 log (50 matches)
TCP Debug:
=============
FOR TELNET
=============
002038: Jul 30 17:25:02.977 PST: Reserved port 0 in Transport Port Agent for TCP IP type 0
002039: Jul 30 17:25:02.977 PST: TCP0: state was LISTEN -> SYNRCVD [23 -> 192.168.10.78(1195)]
002040: Jul 30 17:25:02.977 PST: TCP: tcb 8A4641F0 connection to 192.168.10.78:1195, peer MSS 1460, MSS is 516
002041: Jul 30 17:25:02.977 PST: TCP: Selective ack is disabled from the CLI
002042: Jul 30 17:25:02.977 PST: TCP: sending SYN, seq 2241755462, ack 3644951675
002043: Jul 30 17:25:02.977 PST: TCP0: Connection to 192.168.10.78:1195, advertising MSS 1460
002044: Jul 30 17:25:02.977 PST: TCP0: state was SYNRCVD -> ESTAB [23 -> 192.168.10.78(1195)]
002045: Jul 30 17:25:02.981 PST: TCB8A4641F0 getting property TCP_COND_ACCEPT (1)
002046: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_TOS (11) 86222340
002047: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_RTRANSTMO (36) 86BB1910
002048: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_GIVEUP (41) 86BB1918
002049: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_KEEPALIVE (17) 86BB18F0
002050: Jul 30 17:25:02.981 PST: TCP: Setting Keepalive interval and retries to 60 and 4
002051: Jul 30 17:25:02.981 PST: TCP2: state was ESTAB -> FINWAIT1 [23 -> 192.168.10.78(1195)]
002052: Jul 30 17:25:02.981 PST: TCP2: sending FIN
002053: Jul 30 17:25:02.981 PST: TCP: Available resources insufficient
002054: Jul 30 17:25:02.981 PST: TCP2: state was FINWAIT1 -> FINWAIT2 [23 -> 192.168.10.78(1195)]
002055: Jul 30 17:25:02.997 PST: TCP2: bad seg from 192.168.10.78 -- Application closed: port 23 seq 3644951675 ack 2241755476 rcvnxt 3644951675 rcvwnd 4128 len 21
002056: Jul 30 17:25:02.997 PST: TCP: sending RST, seq 2241755476, ack 0
002057: Jul 30 17:25:02.997 PST: TCP2: state was FINWAIT2 -> CLOSED [23 -> 192.168.10.78(1195)]
002058: Jul 30 17:25:02.997 PST: TCB 0x8A4641F0 destroyed
002059: Jul 30 17:25:02.997 PST: TCP: sending RST, seq 2241755476, ack 0
002060: Jul 30 17:25:02.997 PST: TCP: sent RST to 192.168.10.78:1195 from 192.168.10.1:23
002061: Jul 30 17:25:02.997 PST: TCP: sending RST, seq 2241755476, ack 0
002062: Jul 30 17:25:02.997 PST: TCP: sent RST to 192.168.10.78:1195 from 192.168.10.1:23
=============
FOR SSH
=============
002064: Jul 30 17:26:16.805 PST: Reserved port 0 in Transport Port Agent for TCP IP type 0
002065: Jul 30 17:26:16.805 PST: TCP0: state was LISTEN -> SYNRCVD [22 -> 192.168.10.78(1197)]
002066: Jul 30 17:26:16.805 PST: TCP: tcb 897EB480 connection to 192.168.10.78:1197, peer MSS 1460, MSS is 516
002067: Jul 30 17:26:16.805 PST: TCP: Selective ack is disabled from the CLI
002068: Jul 30 17:26:16.805 PST: TCP: sending SYN, seq 256781700, ack 2795036373
002069: Jul 30 17:26:16.805 PST: TCP0: Connection to 192.168.10.78:1197, advertising MSS 1460
002070: Jul 30 17:26:16.809 PST: TCP0: state was SYNRCVD -> ESTAB [22 -> 192.168.10.78(1197)]
002071: Jul 30 17:26:16.809 PST: TCB897EB480 setting property TCP_TOS (11) 8621C491
002072: Jul 30 17:26:16.809 PST: TCB897EB480 getting property TCP_COND_ACCEPT (1)
002073: Jul 30 17:26:16.809 PST: TCB897EB480 setting property TCP_KEEPALIVE (17) 87AEB278
002074: Jul 30 17:26:16.809 PST: TCP: Setting Keepalive interval and retries to 60 and 4
002075: Jul 30 17:26:16.809 PST: TCB897EB480 setting property TCP_MSG_NOTIFY (8) 89DE0E68
002076: Jul 30 17:26:17.229 PST: TCP2: bad seg from 192.168.10.78 -- outside window: port 22 seq 2795037089 ack 256782304 rcvnxt 2795037361 rcvwnd 3140 len 272
002077: Jul 30 17:26:23.717 PST: TCP2: state was ESTAB -> FINWAIT1 [22 -> 192.168.10.78(1197)]
002078: Jul 30 17:26:23.717 PST: TCP2: sending FIN
002079: Jul 30 17:26:23.717 PST: TCP2: bad seg from 192.168.10.78 -- Application closed: port 22 seq 2795038333 ack 256783628 rcvnxt 2795038333 rcvwnd 3800 len 72
002080: Jul 30 17:26:23.717 PST: TCP: sending RST, seq 256783628, ack 0
002081: Jul 30 17:26:23.717 PST: TCP2: state was FINWAIT1 -> CLOSED [22 -> 192.168.10.78(1197)]
002082: Jul 30 17:26:23.721 PST: TCB 0x897EB480 destroyed
002083: Jul 30 17:26:23.721 PST: TCP: sending RST, seq 256783628, ack 0
002084: Jul 30 17:26:23.721 PST: TCP: sent RST to 192.168.10.78:1197 from 192.168.10.1:22
002085: Jul 30 17:26:23.721 PST: TCP: sending RST, seq 256783629, ack 0
002086: Jul 30 17:26:23.721 PST: TCP: sent RST to 192.168.10.78:1197 from 192.168.10.1:22
002087: Jul 30 17:26:23.721 PST: TCP: sending RST, seq 256783629, ack 0
002088: Jul 30 17:26:23.721 PST: TCP: sent RST to 192.168.10.78:1197 from 192.168.10.1:22
Regards!
Gill
07-30-2015 05:46 PM
Hi Gill,
After a brief look at your configs, it appears you have the no exec command configured on your VTY lines. This command disables the command line interface on these VTY lines (it prevents the command interpreter from being started for an incoming session). I believe that this could be the cause of your troubles. Simply try entering the exec command in the line vty 0 4 section and try Telnet/SSH again.
Best regards,
Peter
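Added example, not part of the original thread and not Cisco tooling: a short Python check that flags `line vty` stanzas which accept sessions but carry `no exec`, and reads the `state was` lines of the TCP debug to show that the router itself sent the first FIN. The function names and the trimmed, indented sample inputs are constructed for illustration from the config and debug quoted in the question.

```python
import re
from datetime import datetime

# Constructed sample: trimmed excerpt of the VTY config and TCP debug from this thread.
CONFIG = """\
line vty 0 4
 access-class 10 in
 login local
 no exec
 transport input telnet ssh
"""
DEBUG = """\
002044: Jul 30 17:25:02.977 PST: TCP0: state was SYNRCVD -> ESTAB [23 -> 192.168.10.78(1195)]
002051: Jul 30 17:25:02.981 PST: TCP2: state was ESTAB -> FINWAIT1 [23 -> 192.168.10.78(1195)]
002070: Jul 30 17:26:16.809 PST: TCP0: state was SYNRCVD -> ESTAB [22 -> 192.168.10.78(1197)]
002077: Jul 30 17:26:23.717 PST: TCP2: state was ESTAB -> FINWAIT1 [22 -> 192.168.10.78(1197)]
"""
STATE = re.compile(
    r"^\d+: (\w+ +\d+ [\d:.]+) \w+: TCP\d+: state was (\w+) -> (\w+) "
    r"\[(\d+) -> ([\d.]+)\((\d+)\)\]")

def vty_lines_without_exec(config):
    """Return 'line vty' headers whose stanza accepts sessions but has 'no exec'."""
    flagged, header, body = [], None, []
    for line in config.splitlines() + ["end"]:       # sentinel closes the last stanza
        if line[:1].isspace() and header:            # indented: still inside the stanza
            body.append(line.strip())
            continue
        accepts = any(b.startswith("transport input") and not b.endswith(" none") for b in body)
        if header and "no exec" in body and accepts:
            flagged.append(header)
        header, body = (line.strip() if line.startswith("line vty") else None), []
    return flagged

def router_closed_sessions(debug):
    """Return (local_port, peer, seconds_established) for sessions the router closed first."""
    established, closed = {}, []
    for line in debug.splitlines():
        m = STATE.match(line)
        if not m:
            continue
        ts = datetime.strptime("2015 " + m[1], "%Y %b %d %H:%M:%S.%f")  # year from the post date
        key = (int(m[4]), f"{m[5]}:{m[6]}")
        if m[3] == "ESTAB":
            established[key] = ts
        elif (m[2], m[3]) == ("ESTAB", "FINWAIT1") and key in established:
            # ESTAB -> FINWAIT1 means the local side (the router) sent the first FIN.
            closed.append((*key, round((ts - established[key]).total_seconds(), 3)))
    return closed
```

On the thread's data this reports the Telnet session closed by the router 4 ms after it was established and the SSH session after about 6.9 s, with `line vty 0 4` flagged in the config.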
07-30-2015 06:08 PM
Seems like it was. Thanks, it's working now.