Folks, I am trying to help my friend who has problem with SFTP. Source IP from where he is trying to SFTP: 10.254.227.* (DMZ VLAN) Destination IP: 10.254.230.* where we need access(Also a VLAN) There is a Checkpoint and PIX firewall on which access-lists are configured. On checking logs on both firewalls the SFTP is permitted. We tested it many times from command prompt but connections fails saying 'Connection failed on port 22' For eg: >telnet ip address 22 Tried to telnet from server (ip 10.254.227.*) to (10.254.230.*) We tried telnetting on port 22 first and then 21 also but no joy. Can someone give some ideas as what could be preventing the connection? ************************************************************************** I hope someone can help us? We are not in a situation to ping or tracert destination as our client has given access to couple of servers only and not all the servers. Networkid

I can think of a couple things that might be preventing the connection. The first that jumps to mind is a firewall setting. The second is, if they're two different VLAN's you're not going to connect unless there is a route between the two VLAN's. We are not in a situation to ping or tracert destination as our client has given access to couple of servers only and not all the servers. You should still be able to ping and/or tracert the server(s) you've been given access to.....unless they have a firewall in between that is set to not reply to pings or tracert.

Hey Curt R, For PIX firewall it seems like address translation issue. We have got log from PIX firewall as follows **************************************** 2008-05-07 21:31:29 Local6.Info 192.168.1.1 %ASA-6-106100: access-list Outside-inbound permitted tcp Outside/10.254.227.*(3882) -> OperWebMgmt/10.254.230.*(22) hit-cnt 1 first hit 2008-05-07 21:31:29 Local6.Error 192.168.1.1 %ASA-3-305005: No translation group found for tcp src Outside:10.254.227.*/3882 dst OperWebMgmt:10.254.230.*/22 *************************************** Looks to us like PIX is allowing to make inbound connection but not able to make it out towards destination. There is a route between both VLAN's. Due to security reasons ping and tracert are disabled. Not sure what to check now? Thanks Networkid

What is with the 3882 port? "Best Practices", Event viewer, host file, perfmon, are in my top 10

Telnet and SFTP are 2 different protocols and you are trying to telnet to an FTP port. The telnet port is 23 not 22 or 21. The command is sftp or ftp 10.x.x.x , not telnet.