ASA5505 telnet from across Site to Site VPN tunnel doesn't prompt for password

Hello,

I have a site-to-site VPN tunnel between a Cisco ASA5525 and an ASA5505. I allow telnet from my network 10.x.x.x 255.0.0.0 inside and I get a blank black screen from telnet, but if I change it to 0.0.0.0 0.0.0.0 inside it brings up the password prompt.

My IP is 10.x.x.x 255.255.0.0
bergquistcompany Asked:

rauenpc Commented:
This could be a routing/RPF issue. When the allow statement is a specific subnet, RPF expects traffic to come from a certain interface. VPN traffic is kind of odd in that it is treated like inside traffic because it is trusted, but when it comes to certain rules the physical interfaces must be referenced - NAT would be one of those rules. When you use a default 0.0.0.0 for telnet access, the ASA doesn't need to worry about the source interface anymore, which could be why that works.

If you are running 8.3+ code, find the NAT exemption rule for this traffic and add the "route-lookup" keyword to the end of the statement. This might allow you to specify the subnet for telnet and get a proper response.
bergquistcompany (Author) Commented:
@rauenpc I am running 8.2, so I'm not sure where to look.

I have telnet 10.10.0.0 255.255.0.0 inside
bergquistcompany (Author) Commented:
Removed all SSH and Telnet commands per a blog I found, then reapplied the configuration for SSH and Telnet, and it worked.
bergquistcompany (Author) Commented:
Found a 3rd-party suggestion and followed it, which worked, so I wanted to share.
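Before pursuing the routing/RPF explanation given in the thread, it is worth ruling out a plain mismatch between the client's source address and the `telnet`/`ssh` statements. The following Python is an added example, not part of the thread and not Cisco tooling: it parses such lines from a saved running-config and reports which ones cover a given source, and which accept any source. The sample config, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of ASA management-access lines (not from the original post).
SAMPLE_CONFIG = """\
telnet 10.10.0.0 255.255.0.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""

# Matches "telnet <network> <mask> <interface>" and the ssh equivalent;
# lines such as "telnet timeout 5" do not match and are skipped.
RULE_RE = re.compile(r"^(telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def parse_mgmt_rules(config_text):
    """Return (protocol, network, interface) tuples from a running-config."""
    rules = []
    for line in config_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        proto, addr, mask, iface = m.groups()
        # strict=False tolerates host bits set in the configured address.
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((proto, net, iface))
    return rules

def matching_rules(config_text, proto, source_ip, iface):
    """List the rules that cover source_ip for proto on the named interface."""
    src = ipaddress.ip_address(source_ip)
    return [r for r in parse_mgmt_rules(config_text)
            if r[0] == proto and r[2] == iface and src in r[1]]

def any_source_rules(config_text):
    """List the rules that accept any source (0.0.0.0 0.0.0.0)."""
    return [r for r in parse_mgmt_rules(config_text) if r[1].prefixlen == 0]
```

If `matching_rules` returns a rule for the client's address and the session still shows no prompt, the statement itself is not the mismatch and the cause lies elsewhere.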