Solved

Can ping but can't telnet across tunnel

Posted on 2011-03-15
Last Modified: 2012-05-11
Have 2 sites connected via VPN, all part of the same AD forest, having an issue with mail flow between Exchange servers, so I try to telnet from each Exchange server to the other on port 25 and it doesn't work, but they each can ping. So I try from the routers, which are both Cisco 2821: same thing, can't telnet from the opposite router across the tunnel on 25, but each router can telnet on 25 to its own site's Exchange server. I can't see anything that would be preventing it, hoping maybe you guys notice something. Attached are the configs:
courthouse-scrub.txt
resource-scrub.txt
Question by:jasonmichel
22 Comments
 
LVL 10

Accepted Solution

by:
ThorinO earned 400 total points
ID: 35139700
Sounds like a firewall issue, are you able to telnet to other known open ports? Have you checked the Windows firewall?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35139872
I can telnet into the machines just fine from their own location and from outside, just not across the tunnel.
0
 
LVL 10

Expert Comment

by:ThorinO
ID: 35140246
Can you telnet to any other ports across the VPN? I am not familiar with Cisco VPN configs, but with a SonicWALL it generally acts like a LAN. However, you could have another zone created that has some firewall rules in place.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35140256
Just a simple IPsec tunnel protected with ACLs.
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 400 total points
ID: 35144760
What are the IP addresses of the Exchange servers? And please specify which IP belongs to the main office and which belongs to the remote.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35147374
10.15.31.15 - main
10.15.100.12 - remote
0
 
LVL 12

Assisted Solution

by:profgeek
profgeek earned 400 total points
ID: 35147796
0
 
LVL 17

Expert Comment

by:MAG03
ID: 35148094
You are not permitting the traffic for SMTP to 10.15.31.15 and 10.15.100.12 in your nospam access-list, and this access list is configured on almost all your interfaces, with a couple of exceptions.

Which interface connects to the remote office?

Try adding those two to the access-list nospam and test.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35148737
The two interfaces don't have that applied. On the remote site it is gig0/1.100 and on the main site gig0/1.31.
0
 
LVL 20

Assisted Solution

by:RPPreacher
RPPreacher earned 400 total points
ID: 35175581
You need to allow port 25 inbound on Windows Server firewall from the remote ip range.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35175826
The firewall is turned off. I can telnet on 25 from outside and from any PC on its own LAN, just not from one side to the other.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35175876
That is usually a Windows firewall issue.  Especially since ping works.  Which version of Windows server are you using?
0
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 35175891
Some kind of firewall must be blocking the ports.  The routing is working as you are able to ICMP Ping and get a response...  If you have no firewalls in place between the two servers then it is time to look at the SMTP configuration and see if you have access restricted there.  Are you restricting access to SMTP by only having your local internal subnet listed?

-D-
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35177387
Both are Server 2008, and are you talking on the SMTP receive connector?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35177434
2008 has an inbound & outbound firewall in Windows. Did you open 25 on both?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35177439
The servers are sending mail to the outside fine? So I assume they are open?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 35177534
Two different firewalls. Inbound & outbound
0
 
LVL 18

Assisted Solution

by:John Gates, CISSP
John Gates, CISSP earned 400 total points
ID: 35179883
I would start looking at the smtp config.  Here's why:  You can ping so you know routing is not the problem.  You are pretty much ruling out the firewall yourself...  So SMTP has to be dropping the connection due to a setting on the SMTP configuration...  Just for grins add the IP range of the remote subnet to the allowed connections SMTP configuration setting.

-D-
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 35180870
You are talking on the receive connector of each?
0
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 35181019
Yes.  There has to be a restriction that is preventing that connection from occurring.  If you do not have any incoming restrictions set up, then the SMTP logs are going to be the next place to look to see why the disconnection is occurring.
0
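The causes proposed in this thread (a router ACL or host firewall dropping TCP, nothing accepting on the port, or the SMTP service itself closing the session) fail differently at the TCP level, so a probe that reports how the port-25 attempt ends helps tell them apart. This is an added example, not part of any post above; the verdict names are this example's own, and the two addresses are the ones the asker gave.

```python
import socket

def probe_smtp(host, port=25, timeout=3.0):
    """Classify one TCP connection attempt; returns (verdict, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset came back: the path carries TCP, but nothing accepts on
        # this port (or a device in the path actively rejects it).
        return ("refused", "")
    except socket.timeout:
        # No answer to the SYN: something drops TCP silently (router ACL,
        # host firewall) even though ICMP echo gets through.
        return ("filtered", "")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            # Handshake completed but the service never greeted us.
            return ("connected_no_banner", "")
        except ConnectionResetError:
            return ("dropped_after_connect", "")
    if not data:
        # Handshake completed, then the peer closed: check the SMTP
        # service's own restrictions (receive connector remote IP ranges)
        # and its logs rather than the network path.
        return ("dropped_after_connect", "")
    banner = data.decode("ascii", "replace").strip()
    if banner.startswith("220"):
        return ("smtp_ready", banner)
    return ("unexpected_banner", banner)

if __name__ == "__main__":
    # Run from a host at the opposite site, so the attempt crosses the tunnel.
    for site, ip in (("main", "10.15.31.15"), ("remote", "10.15.100.12")):
        print(site, ip, probe_smtp(ip))
```

A `filtered` result points at an ACL or firewall in the path, while `dropped_after_connect` points at the SMTP configuration and its logs.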
