Solved

Can ping but can't telnet across tunnel

Posted on 2011-03-15
22
1,756 Views
Last Modified: 2012-05-11
I have 2 sites connected via VPN, all part of the same AD forest. I'm having an issue with mail flow between the Exchange servers, so I tried to telnet from each Exchange server to the other on port 25 and it doesn't work, but they can each ping. So I tried from the routers, which are both Cisco 2821: same thing, I can't telnet from the opposite router across the tunnel on 25, but each router can telnet on 25 to its own site's Exchange server. I can't see anything that would be preventing it; hoping maybe you guys notice something. Attached are the configs:
courthouse-scrub.txt
resource-scrub.txt
0
Question by:jasonmichel
22 Comments
 
LVL 10

Accepted Solution

by:
ThorinO earned 100 total points
ID: 35139700
Sounds like a firewall issue, are you able to telnet to other known open ports? Have you checked the Windows firewall?
0
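ThorinO's first question, whether other known-open ports can be reached across the tunnel, is worth doing systematically, because the way the TCP handshake fails says more than "telnet hangs". Below is an added example, not from the thread, that classifies the outcome of a connection attempt. A timeout (no reply at all) is what a silently dropping ACL or firewall looks like; a refusal (RST) means the host answered but nothing accepted the port. The loopback demo is self-contained so it runs anywhere; the hosts and ports in the trailing comment are the ones named in the question.

```python
"""Added example (not from the thread): a TCP reachability probe that reports *how* a
connection fails, the next thing to learn once "ping works, telnet to 25 doesn't".

  open         SYN/ACK came back: the service answered
  refused      RST came back: the host is reachable but nothing accepted that port
               (nothing listening, or a host firewall set to reject)
  timeout      no reply at all: something on the path or host silently dropped the SYN
               (an ACL or a firewall with a drop action behaves like this)
  unreachable  the local stack had no route, or received an ICMP unreachable
"""
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake to host:port and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def probe_ports(host, ports, timeout=3.0):
    """Probe several ports on one host, e.g. 25 next to a port known to be open,
    so a per-port block can be told apart from a host-wide one."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def demo_loopback():
    """Self-contained demonstration on 127.0.0.1: a listening port reads 'open';
    the same port probed again after the listener is closed reads 'refused'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    print(demo_loopback())   # ('open', 'refused')
    # From the remote Exchange server, against the main one named in the thread:
    # print(probe_ports("10.15.31.15", [25, <a port you already know is open>]))
```

Run it from the remote site's Exchange server against the main site's (and the other way round). If 25 times out while the known-open port reads "open", something is dropping that port specifically; if every port times out while ping still works, look at what the routers permit for TCP versus ICMP.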
 
LVL 1

Author Comment

by:jasonmichel
ID: 35139872
I can telnet into the machines just fine from their own location and from outside, just not across the tunnel.
0
 
LVL 10

Expert Comment

by:ThorinO
ID: 35140246
Can you telnet to any other ports across the VPN? I am not familiar with Cisco VPN configs, but with a SonicWALL it generally acts like a LAN. However, you could have another zone created that has some firewall rules in place.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35140256
Just a simple IPsec tunnel protected with ACLs.
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 100 total points
ID: 35144760
What are the IP addresses of the Exchange servers? And please specify which IP belongs to the main office and which belongs to the remote.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35147374
10.15.31.15 - main
10.15.100.12 - remote
0
 
LVL 12

Assisted Solution

by:profgeek
profgeek earned 100 total points
ID: 35147796
0
 
LVL 17

Expert Comment

by:MAG03
ID: 35148094
You are not permitting the traffic for SMTP to 10.15.31.15 and 10.15.100.12 in your nospam access-list, and this access list is configured on almost all your interfaces, with a couple of exceptions.

Which interface connects to the remote office?

Try adding those two to the access-list nospam and test.
0
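The check MAG03 describes is a walk through the nospam access-list, top to bottom, first match wins, implicit deny at the end, for the two flows that behave differently (ICMP echo and TCP/25 from the remote Exchange server to the main one). Here is that walk as an added example, not part of the thread and not the poster's configuration: the ACL text is constructed to resemble a typical anti-spam ACL, since the real one exists only in the attached configs that are not shown on this page. The parser covers only the subset of IOS extended-ACL syntax the sample uses (permit/deny, ip/tcp/udp/icmp, any/host/wildcard addresses, `eq` ports).

```python
"""Added example (not from the thread): evaluate a flow against a simplified Cisco IOS
extended ACL, the way MAG03 did by hand. First match wins; implicit deny at the end."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

PORT_NAMES = {"smtp": 25, "www": 80, "domain": 53, "telnet": 23, "pop3": 110}


@dataclass(frozen=True)
class Flow:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    sport: Optional[int] = None  # None = ephemeral / unspecified


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: Tuple[int, int]        # (address, wildcard) as 32-bit ints
    sport: Optional[int]
    dst: Tuple[int, int]
    dport: Optional[int]
    text: str


def _parse_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' (1 bits in the wildcard = don't care)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]


def _parse_port(tokens):
    """Consume an optional 'eq <number|name>'. Other operators (gt, lt, range) are not modelled."""
    if tokens and tokens[0] == "eq":
        p = tokens[1]
        return (int(p) if p.isdigit() else PORT_NAMES[p]), tokens[2:]
    return None, tokens


def parse_acl(text):
    """Parse named-ACL body lines or numbered 'access-list N ...' lines into Rule objects."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] in ("!", "ip"):   # comment, or the 'ip access-list' header
            continue
        if tokens[0] == "access-list":               # numbered form: access-list 101 permit ...
            tokens = tokens[2:]
        elif tokens[0].isdigit():                    # sequence number inside a named ACL
            tokens = tokens[1:]
        if tokens[0] == "remark":
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, rest = _parse_addr(rest)
        sport, rest = _parse_port(rest)
        dst, rest = _parse_addr(rest)
        dport, rest = _parse_port(rest)
        rules.append(Rule(action, proto, src, sport, dst, dport, raw.strip()))
    return rules


def _addr_match(spec, ip):
    base, wildcard = spec
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(rules, flow):
    """Return (action, matching entry text); the implicit deny if nothing matches."""
    for r in rules:
        if r.proto != "ip" and r.proto != flow.proto:
            continue
        if not (_addr_match(r.src, flow.src) and _addr_match(r.dst, flow.dst)):
            continue
        if r.sport is not None and r.sport != flow.sport:
            continue
        if r.dport is not None and r.dport != flow.dport:
            continue
        return r.action, r.text
    return "deny", "implicit deny (end of ACL)"


# Constructed sample (not the poster's config): only the local Exchange server may
# originate SMTP, every other SMTP attempt is dropped, everything else passes.
NOSPAM_BEFORE = """
ip access-list extended nospam
 remark constructed sample, not the poster's config
 permit tcp host 10.15.31.15 any eq smtp
 deny   tcp any any eq smtp
 permit ip any any
"""

# The change MAG03 suggested: permit SMTP for the other Exchange server ahead of the deny.
NOSPAM_AFTER = """
ip access-list extended nospam
 permit tcp host 10.15.31.15 any eq smtp
 permit tcp host 10.15.100.12 host 10.15.31.15 eq smtp
 deny   tcp any any eq smtp
 permit ip any any
"""


def check_tunnel_flows(acl_text):
    """The two flows from the thread: ping and TCP/25, remote Exchange -> main Exchange."""
    rules = parse_acl(acl_text)
    ping = Flow("icmp", "10.15.100.12", "10.15.31.15")
    smtp = Flow("tcp", "10.15.100.12", "10.15.31.15", dport=25)
    return {"ping": evaluate(rules, ping)[0], "smtp": evaluate(rules, smtp)[0]}


if __name__ == "__main__":
    for name, acl in (("before", NOSPAM_BEFORE), ("after", NOSPAM_AFTER)):
        print(name, check_tunnel_flows(acl))
    # before {'ping': 'permit', 'smtp': 'deny'}
    # after  {'ping': 'permit', 'smtp': 'permit'}
```

The "before" sample reproduces the symptom exactly: ICMP falls through to `permit ip any any`, while TCP/25 from the remote server hits the SMTP deny. Paste the real nospam entries in place of the constructed text to get MAG03's answer for the actual configs, and remember the result only matters on interfaces where the ACL is applied in the direction the flow crosses them.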
 
LVL 1

Author Comment

by:jasonmichel
ID: 35148737
The two interfaces don't have that applied; on the remote site it is gig0/1.100
and on the main site gig0/1.31.
0
 
LVL 20

Assisted Solution

by:RPPreacher
RPPreacher earned 100 total points
ID: 35175581
You need to allow port 25 inbound on the Windows Server firewall from the remote IP range.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35175826
The firewall is turned off. I can telnet on 25 from outside and from any PC on its own LAN, just not from one side to the other.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35175876
That is usually a Windows firewall issue, especially since ping works. Which version of Windows Server are you using?
0
 
LVL 17

Expert Comment

by:John Gates, CISSP
ID: 35175891
Some kind of firewall must be blocking the ports. The routing is working, as you are able to ICMP ping and get a response... If you have no firewalls in place between the two servers, then it is time to look at the SMTP configuration and see if you have access restricted there. Are you restricting access to SMTP by only having your local internal subnet listed?

-D-
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35177387
Both are Server 2008, and are you talking about the SMTP receive connector?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35177434
2008 has an inbound & outbound firewall in Windows. Did you open 25 on both?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35177439
The servers are sending mail to the outside fine, so I assume they are open?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35177534
Two different firewalls: inbound & outbound.
0
 
LVL 17

Assisted Solution

by:John Gates, CISSP
John Gates, CISSP earned 100 total points
ID: 35179883
I would start looking at the SMTP config. Here's why: you can ping, so you know routing is not the problem. You are pretty much ruling out the firewall yourself... So SMTP has to be dropping the connection due to a setting in the SMTP configuration... Just for grins, add the IP range of the remote subnet to the allowed connections setting in the SMTP configuration.

-D-
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35180870
You are talking about the receive connector of each?
0
 
LVL 17

Expert Comment

by:John Gates, CISSP
ID: 35181019
Yes. There has to be a restriction that is preventing that connection from occurring. If you do not have any incoming restrictions set up, then the SMTP logs are going to be the next place to look to see why the disconnection is occurring.
0
