Some remote sites cannot log in to the USG2260 via Telnet

Publication Date: 2016-01-06
Issue Description

The customer could ping the HQ device, a USG2260, from some remote sites but could not Telnet to it, while other sites could Telnet to the same device. The network topology is as follows:




Handling Process

1. Ping the USG2260 IP address 10.149.197.108. It is reachable.

2. Telnet to the same IP address of the USG2260. The login prompt appears and the customer is asked to enter the user name and password, but after they are entered the login fails. The same user name and password work from other sites.

3. While the customer attempted the login, he captured packets at the same time. Analysis of the captured packets showed that the information returned by the device was not correct, as follows:



The response from IP address 10.149.197.108 starts with "Login authentication", but on a USG2260 firewall it should start with the following header:

***********************************************************
*  Copyright (C) 2008-2014 Huawei Technologies Co., Ltd.  *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*      This is a private communication system.            *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************


The corresponding correct packet capture (from a test on a lab USG2260 device) is as follows:


4. Based on the above analysis, we determined that the device on which the login failed was not the USG2260. It must be another device in the ISP network configured with the same IP address, 10.149.197.108.


5. To confirm the analysis, we pinged 10.149.197.108 from the affected site. The address was reachable, but no firewall session for this traffic appeared on the USG2260, which confirmed that the responding device was not the USG2260.
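
The banner comparison in steps 3 and 4 can be scripted. The following Python is an added example, not part of the original case or of any Huawei tooling: it strips Telnet option negotiation from the server side of a capture and checks whether the USG2260 copyright header appears before "Login authentication". The function names and the sample byte strings are constructed for illustration.

```python
# Added example: decide from the pre-login Telnet banner whether the responder
# looks like the expected USG2260 or like some other device on the same IP.
IAC, SB, SE = 255, 250, 240                  # Telnet command bytes (RFC 854)
WILL, WONT, DO, DONT = 251, 252, 253, 254

EXPECTED_MARKER = "Huawei Technologies Co., Ltd."   # from the header quoted above
LOGIN_PROMPT = "Login authentication"               # first line seen in both cases


def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC command sequences so only the displayed text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                             # capture ends in a lone IAC
        elif data[i + 1] == IAC:
            out.append(IAC)                   # escaped 0xFF data byte
            i += 2
        elif data[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                            # IAC <verb> <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break                         # unterminated subnegotiation
            i = end + 2
        else:
            i += 2                            # other two-byte command
    return bytes(out)


def classify_banner(server_bytes: bytes) -> str:
    """Return 'expected-device', 'unexpected-device' or 'incomplete'."""
    text = strip_telnet_negotiation(server_bytes).decode("ascii", "replace")
    prompt_at = text.find(LOGIN_PROMPT)
    if prompt_at == -1:
        return "incomplete"                   # prompt not captured yet
    marker_at = text.find(EXPECTED_MARKER)
    return "expected-device" if 0 <= marker_at < prompt_at else "unexpected-device"


# Constructed server-side payloads (not taken from the customer's capture).
NEGOTIATION = bytes([IAC, DO, 24, IAC, WILL, 1, IAC, WILL, 3])
SAMPLE_LAB = (NEGOTIATION
              + b"\r\n*  Copyright (C) 2008-2014 Huawei Technologies Co., Ltd.  *\r\n"
              + b"\r\nLogin authentication\r\n")
SAMPLE_REMOTE = NEGOTIATION + b"\r\n\r\nLogin authentication\r\n"
```
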



Root Cause

The problem was caused by the ISP network: another device in the ISP network was configured with the same IP address. Most likely the ISP connected the sites to the incorrect VPN.

Solution

Ask the ISP to correct its VPN configuration or IP address configuration.

END