Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can ping but can't telnet across tunnel

Posted on 2011-03-15
22
Medium Priority
?
1,879 Views
Last Modified: 2012-05-11
have 2 sites connected via vpn, all part of same AD forest, having issue with mail flow between exchange servers, so i try to telnet from each exchange server to the other on port 25 and it doesn't work, but they each can ping, so i try from the routers which are both cisco 2821, same thing can't telnet from the opposite router across tunnel on 25, but each router can telnet on 25 to its own site exchange server.  i can't see anything that would be preventing, hoping maybe you guys notice something, attached are the configs
courthouse-scrub.txt
resource-scrub.txt
0
Comment
Question by:jasonmichel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 3
  • +3
22 Comments
 
LVL 10

Accepted Solution

by:
ThorinO earned 400 total points
ID: 35139700
Sounds like a firewall issue, are you able to telnet to other known open ports? Have you checked the Windows firewall?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35139872
i can telnet into the machines just fine from their own location and from outside, just not across the tunnel
0
 
LVL 10

Expert Comment

by:ThorinO
ID: 35140246
Can you telnet to any other ports across the VPN. I am not familiar with Cisco VPN configs but with a SonicWALL it generally acts like a LAN. However you could have another zone created that has some firewall rules in place.
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 1

Author Comment

by:jasonmichel
ID: 35140256
just a simple ipsec tunnel protected with ACLS
0
 
LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 400 total points
ID: 35144760
what are the ip addresses of the exchange servers? and please specify which ip belongs to the main office and which belongs to the remote.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35147374
10.15.31.15- main
10.15.100.12- remote
0
 
LVL 12

Assisted Solution

by:profgeek
profgeek earned 400 total points
ID: 35147796
0
 
LVL 17

Expert Comment

by:Marius Gunnerud
ID: 35148094
you are not permitting the traffic for smtp to  10.15.31.15 and 10.15.100.12 in your nospam access-list and this access list is configured on almost all your interfaces except a couple exceptions.

Which interface connects to the remote office?

Try adding those two to the access-list nospam and test.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35148737
the two interfaces don't have that applied, on the remote site it is  gig0/1.100
and on the main site gig0/1.31
0
 
LVL 20

Assisted Solution

by:RPPreacher
RPPreacher earned 400 total points
ID: 35175581
You need to allow port 25 inbound on Windows Server firewall from the remote ip range.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35175826
the firewall is turned off, i can telnet on 25 from outside and from any pc on its own lan, just not from one side to the other
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35175876
That is usually a Windows firewall issue.  Especially since ping works.  Which version of Windows server are you using?
0
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 35175891
Some kind of firewall must be blocking the ports.  The routing is working as you are able to ICMP Ping and get a response...  If you have no firewalls in place between the two servers then it is time to look at the SMTP configuration and see if you have access restricted there.  Are you restricting access to SMTP by only having your local internal subnet listed?

-D-
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35177387
both are server 2008, and are you talking on the smtp recieve connector?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35177434
2008 has an inbound & outbound firewall in Windows. Did you open 25 on both?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35177439
the servers are sending mail to the outside fine?  so i assume they are open?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35177534
Two different firewalls. Inbound & outbound
0
 
LVL 18

Assisted Solution

by:John Gates, CISSP
John Gates, CISSP earned 400 total points
ID: 35179883
I would start looking at the smtp config.  Here's why:  You can ping so you know routing is not the problem.  You are pretty much ruling out the firewall yourself...  So SMTP has to be dropping the connection due to a setting on the SMTP configuration...  Just for grins add the IP range of the remote subnet to the allowed connections SMTP configuration setting.

-D-
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35180870
you are talking on the recieve connector of each?
0
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 35181019
Yes.  There has to be a restriction that is preventing that connection from occurring.  If you do not have any incoming restrictions set up then The SMTP logs are going to be the next place to look to see why the disconnection is occurring.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question