Unable to Telnet

Original Message

Name: networkid83
Date: May 6, 2008 at 20:46:38 Pacific
Subject: Unable to Telnet
OS: Server 2003 SP1
CPU/Ram: custom

Comment:

Folks,
I am trying to help my friend who has problem with SFTP.
Source IP from where he is trying to SFTP: 10.254.227.* (DMZ VLAN)
Destination IP: 10.254.230.* where we need access(Also a VLAN)
There is a Checkpoint and PIX firewall on which access-lists are configured.
On checking logs on both firewalls the SFTP is permitted.
We tested it many times from command prompt but connections fails saying 'Connection failed on port 22'
For eg: >telnet ip address 22
Tried to telnet from server (ip 10.254.227.*) to (10.254.230.*)
We tried telnetting on port 22 first and then 21 also but no joy.
Can someone give some ideas as what could be preventing the connection?
**************************************************************************
I hope someone can help us?
We are not in a situation to ping or tracert destination as our client has given access to
couple of servers only and not all the servers.
Networkid

Report Offensive Message For Removal

Response Number 1

Name: Curt R
Date: May 7, 2008 at 10:01:52 Pacific
Subject: Unable to Telnet

Reply: (edit)

I can think of a couple things that might be preventing the connection. The first that jumps to mind is a firewall setting. The second is, if they're two different VLAN's you're not going to connect unless there is a route between the two VLAN's.
We are not in a situation to ping or tracert destination as our client has given access to
couple of servers only and not all the servers.
You should still be able to ping and/or tracert the server(s) you've been given access to.....unless they have a firewall in between that is set to not reply to pings or tracert.

Report Offensive Follow Up For Removal

Response Number 2

Name: networkid83
Date: May 7, 2008 at 15:41:55 Pacific
Subject: Unable to Telnet

Reply: (edit)

Hey Curt R,
For PIX firewall it seems like address translation issue.
We have got log from PIX firewall as follows
****************************************
2008-05-07 21:31:29 Local6.Info 192.168.1.1 %ASA-6-106100: access-list Outside-inbound permitted tcp Outside/10.254.227.*(3882) -> OperWebMgmt/10.254.230.*(22) hit-cnt 1 first hit
2008-05-07 21:31:29 Local6.Error 192.168.1.1 %ASA-3-305005: No translation group found for tcp src Outside:10.254.227.*/3882 dst OperWebMgmt:10.254.230.*/22
***************************************
Looks to us like PIX is allowing to make inbound connection but not able to make it out towards destination.
There is a route between both VLAN's.
Due to security reasons ping and tracert are disabled.
Not sure what to check now?

Thanks
Networkid

Report Offensive Follow Up For Removal

Response Number 3

Name: jefro
Date: May 7, 2008 at 19:11:46 Pacific
Subject: Unable to Telnet

Reply: (edit)

What is with the 3882 port?
"Best Practices", Event viewer, host file, perfmon, are in my top 10

Report Offensive Follow Up For Removal

Response Number 4

Name: guapo
Date: May 9, 2008 at 17:01:47 Pacific
Subject: Unable to Telnet

Reply: (edit)

Telnet and SFTP are 2 different protocols and you are trying to telnet to an FTP port. The telnet port is 23 not 22 or 21.
The command is sftp or ftp 10.x.x.x , not telnet.

Report Offensive Follow Up For Removal


Printer unable to connect, access d Unable to connect to server 2003 Unable to attach drive letter unable to delete files Unable to Terminal Service	Unable to see DC in diff. subnet Unable to find RealTek NIC Driver Unable to access OS/2 shared folder Unable to open port Unable to access internet