Cannot SSH/Telnet to Cisco 867Vae

Nirbhai Gill
Level 1

Hello,

I have a Cisco 867 being used as a WAN router, and for some reason I am not able to Telnet or SSH to it. I have an ACL to permit my local subnet on the VTY lines. Here is some config and logs:

 

line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 privilege level 15
 password 7 xxxxxxxxxxxx
 login local
 no activation-character
 no exec
 transport preferred none
 transport input telnet ssh
 transport output telnet ssh
 stopbits 1

 

access-list 10 permit 192.168.10.0 0.0.0.255 log


Standard IP access list 10
    10 permit 192.168.10.0, wildcard bits 0.0.0.255 log (50 matches)

 

TCP Debug:

 

=============
FOR TELNET
=============
002038: Jul 30 17:25:02.977 PST: Reserved port 0 in Transport Port Agent for TCP IP type 0
002039: Jul 30 17:25:02.977 PST: TCP0: state was LISTEN -> SYNRCVD [23 -> 192.168.10.78(1195)]
002040: Jul 30 17:25:02.977 PST: TCP: tcb 8A4641F0 connection to 192.168.10.78:1195, peer MSS 1460, MSS is 516
002041: Jul 30 17:25:02.977 PST: TCP: Selective ack is disabled from the CLI
002042: Jul 30 17:25:02.977 PST: TCP: sending SYN, seq 2241755462, ack 3644951675
002043: Jul 30 17:25:02.977 PST: TCP0: Connection to 192.168.10.78:1195, advertising MSS 1460
002044: Jul 30 17:25:02.977 PST: TCP0: state was SYNRCVD -> ESTAB [23 -> 192.168.10.78(1195)]
002045: Jul 30 17:25:02.981 PST: TCB8A4641F0 getting property TCP_COND_ACCEPT (1)
002046: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_TOS (11) 86222340
002047: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_RTRANSTMO (36) 86BB1910
002048: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_GIVEUP (41) 86BB1918
002049: Jul 30 17:25:02.981 PST: TCB8A4641F0 setting property TCP_KEEPALIVE (17) 86BB18F0
002050: Jul 30 17:25:02.981 PST: TCP: Setting Keepalive interval and retries to 60 and 4
002051: Jul 30 17:25:02.981 PST: TCP2: state was ESTAB -> FINWAIT1 [23 -> 192.168.10.78(1195)]
002052: Jul 30 17:25:02.981 PST: TCP2: sending FIN
002053: Jul 30 17:25:02.981 PST: TCP: Available resources insufficient
002054: Jul 30 17:25:02.981 PST: TCP2: state was FINWAIT1 -> FINWAIT2 [23 -> 192.168.10.78(1195)]
002055: Jul 30 17:25:02.997 PST: TCP2: bad seg from 192.168.10.78 -- Application closed: port 23 seq 3644951675 ack 2241755476 rcvnxt 3644951675 rcvwnd 4128 len 21
002056: Jul 30 17:25:02.997 PST: TCP: sending RST, seq 2241755476, ack 0
002057: Jul 30 17:25:02.997 PST: TCP2: state was FINWAIT2 -> CLOSED [23 -> 192.168.10.78(1195)]
002058: Jul 30 17:25:02.997 PST: TCB 0x8A4641F0 destroyed
002059: Jul 30 17:25:02.997 PST: TCP: sending RST, seq 2241755476, ack 0
002060: Jul 30 17:25:02.997 PST: TCP: sent RST to 192.168.10.78:1195 from 192.168.10.1:23
002061: Jul 30 17:25:02.997 PST: TCP: sending RST, seq 2241755476, ack 0
002062: Jul 30 17:25:02.997 PST: TCP: sent RST to 192.168.10.78:1195 from 192.168.10.1:23

=============
FOR SSH
=============
002064: Jul 30 17:26:16.805 PST: Reserved port 0 in Transport Port Agent for TCP IP type 0
002065: Jul 30 17:26:16.805 PST: TCP0: state was LISTEN -> SYNRCVD [22 -> 192.168.10.78(1197)]
002066: Jul 30 17:26:16.805 PST: TCP: tcb 897EB480 connection to 192.168.10.78:1197, peer MSS 1460, MSS is 516
002067: Jul 30 17:26:16.805 PST: TCP: Selective ack is disabled from the CLI
002068: Jul 30 17:26:16.805 PST: TCP: sending SYN, seq 256781700, ack 2795036373
002069: Jul 30 17:26:16.805 PST: TCP0: Connection to 192.168.10.78:1197, advertising MSS 1460
002070: Jul 30 17:26:16.809 PST: TCP0: state was SYNRCVD -> ESTAB [22 -> 192.168.10.78(1197)]
002071: Jul 30 17:26:16.809 PST: TCB897EB480 setting property TCP_TOS (11) 8621C491
002072: Jul 30 17:26:16.809 PST: TCB897EB480 getting property TCP_COND_ACCEPT (1)
002073: Jul 30 17:26:16.809 PST: TCB897EB480 setting property TCP_KEEPALIVE (17) 87AEB278
002074: Jul 30 17:26:16.809 PST: TCP: Setting Keepalive interval and retries to 60 and 4
002075: Jul 30 17:26:16.809 PST: TCB897EB480 setting property TCP_MSG_NOTIFY (8) 89DE0E68
002076: Jul 30 17:26:17.229 PST: TCP2: bad seg from 192.168.10.78 -- outside window: port 22 seq 2795037089 ack 256782304 rcvnxt 2795037361 rcvwnd 3140 len 272
002077: Jul 30 17:26:23.717 PST: TCP2: state was ESTAB -> FINWAIT1 [22 -> 192.168.10.78(1197)]
002078: Jul 30 17:26:23.717 PST: TCP2: sending FIN
002079: Jul 30 17:26:23.717 PST: TCP2: bad seg from 192.168.10.78 -- Application closed: port 22 seq 2795038333 ack 256783628 rcvnxt 2795038333 rcvwnd 3800 len 72
002080: Jul 30 17:26:23.717 PST: TCP: sending RST, seq 256783628, ack 0
002081: Jul 30 17:26:23.717 PST: TCP2: state was FINWAIT1 -> CLOSED [22 -> 192.168.10.78(1197)]
002082: Jul 30 17:26:23.721 PST: TCB 0x897EB480 destroyed
002083: Jul 30 17:26:23.721 PST: TCP: sending RST, seq 256783628, ack 0
002084: Jul 30 17:26:23.721 PST: TCP: sent RST to 192.168.10.78:1197 from 192.168.10.1:22
002085: Jul 30 17:26:23.721 PST: TCP: sending RST, seq 256783629, ack 0
002086: Jul 30 17:26:23.721 PST: TCP: sent RST to 192.168.10.78:1197 from 192.168.10.1:22
002087: Jul 30 17:26:23.721 PST: TCP: sending RST, seq 256783629, ack 0
002088: Jul 30 17:26:23.721 PST: TCP: sent RST to 192.168.10.78:1197 from 192.168.10.1:22

 

Regards!

Gill

 

1 Accepted Solution


Peter Paluch
Cisco Employee

Hi Gill,

After a brief look at your configs, it appears you have the no exec command configured on your VTY lines. This command disables the command line interface on these VTY lines (it prevents the command interpreter from being started for an incoming session). I believe that this could be the cause of your troubles. Simply try entering the exec command in the line vty 0 4 section and try Telnet/SSH again.

Best regards,
Peter

Seems like it was. Thanks, it's working now.
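An added example, not part of the original thread and not Cisco tooling: a small Python check for the misconfiguration identified in the accepted answer, a VTY range that accepts inbound Telnet/SSH while no exec stops the command interpreter from starting. The sample config is constructed from the stanza in the question; the second VTY range, the console stanza and the function names are hypothetical.

```python
import re

# Constructed sample: the VTY stanza from the question plus hypothetical extras.
SAMPLE_CONFIG = """\
line con 0
 logging synchronous
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 privilege level 15
 login local
 no exec
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 login local
 transport input ssh
"""

def parse_line_stanzas(config):
    """Return {header: [subcommands]} for every 'line ...' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def vty_exec_findings(config):
    """Flag VTY ranges that accept inbound sessions but cannot start an EXEC."""
    findings = []
    for header, cmds in parse_line_stanzas(config).items():
        if not re.match(r"line vty \d+( \d+)?$", header):
            continue
        exec_on = True  # EXEC is on unless 'no exec' appears; last setting wins
        for cmd in cmds:
            if cmd in ("exec", "no exec"):
                exec_on = (cmd == "exec")
        # Assumption: only an explicit 'transport input' is judged, because the
        # default differs between IOS releases.
        inbound = [c for c in cmds if c.startswith("transport input ")]
        protos = inbound[-1].split()[2:] if inbound else []
        if protos and protos != ["none"] and not exec_on:
            findings.append((header, protos))
    return findings
```

Running vty_exec_findings over a saved running-config returns one tuple per affected VTY range; an empty list means no range has this conflict.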
