02-27-2007 02:38 PM
Shouldn't I be able to access the 192.168.59.40 switch from the 10.10.1.9 by telneting to 10.10.1.150?
And visa-versa, access the 10.10.1.9 from 192.168 network by telneting to 192.168.59.41?
what am i missing?
config & diagram attached
02-27-2007 04:20 PM
Hi,
Not sure if I am reading the configuration correctly or if the information is intentionally masked, however, instead of:
access-group (Xignux) in interface outside
I expect to see"
access-group testlab in interface outside
Please check and make the adequate changes and let me know so that I could investigate further.
Regards,
Ajit Singh
02-27-2007 04:26 PM
you are correct. access-group testlab in interface outside is what it's supposed to be.
thanks for checking config.
/t
02-27-2007 04:30 PM
hostname testlab
domain-name testlab.com
names
dns-guard
!
interface Ethernet0
nameif outside
security-level 0
ip address 10.10.1.126 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.59.37 255.255.255.224
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150 eq telnet
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150
access-list testlab permit icmp 10.10.1.0 255.255.255.0 host 10.10.1.150
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
alias (inside) 192.168.59.41 10.10.1.9 255.255.255.255
static (inside,outside) 10.10.1.150 192.168.59.40 netmask 255.255.255.255
access-group testlab in interface outside
route inside 192.168.0.0 255.0.0.0 192.168.59.33 1
route outside 10.1.1.0 255.255.255.0 10.10.1.42 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 300
ssh timeout 60
console timeout 0
management-access inside
02-27-2007 04:41 PM
Hi,
So with the change, are we able to tenlet now? or do we need further investigation ?
Kindly update and rate the resolution.
Ajit
02-27-2007 04:51 PM
hostname testlab
domain-name testlab.com
names
dns-guard
!
interface Ethernet0
nameif outside
security-level 0
ip address 10.10.1.126 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.59.37 255.255.255.224
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150 eq telnet
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150
access-list testlab permit icmp 10.10.1.0 255.255.255.0 host 10.10.1.150
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
alias (inside) 192.168.59.41 10.10.1.9 255.255.255.255
static (inside,outside) 10.10.1.150 192.168.59.40 netmask 255.255.255.255
access-group testlab in interface outside
route inside 192.168.0.0 255.0.0.0 192.168.59.33 1
route outside 10.1.1.0 255.255.255.0 10.10.1.42 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 300
ssh timeout 60
console timeout 0
management-access inside
02-27-2007 05:02 PM
Hi,
Please check if the 2600 Router have a reverse route i.e.
ip route 10.10.1.0 0.0.0.255 192.168.59.37
Regards,
Ajit Singh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide