02-27-2007 02:38 PM
Shouldn't I be able to access the 192.168.59.40 switch from the 10.10.1.9 by telneting to 10.10.1.150?
And visa-versa, access the 10.10.1.9 from 192.168 network by telneting to 192.168.59.41?
what am i missing?
config & diagram attached
02-27-2007 04:20 PM
Hi,
Not sure if I am reading the configuration correctly or if the information is intentionally masked, however, instead of:
access-group (Xignux) in interface outside
I expect to see"
access-group testlab in interface outside
Please check and make the adequate changes and let me know so that I could investigate further.
Regards,
Ajit Singh
02-27-2007 04:26 PM
you are correct. access-group testlab in interface outside is what it's supposed to be.
thanks for checking config.
/t
02-27-2007 04:30 PM
hostname testlab
domain-name testlab.com
names
dns-guard
!
interface Ethernet0
nameif outside
security-level 0
ip address 10.10.1.126 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.59.37 255.255.255.224
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150 eq telnet
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150
access-list testlab permit icmp 10.10.1.0 255.255.255.0 host 10.10.1.150
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
alias (inside) 192.168.59.41 10.10.1.9 255.255.255.255
static (inside,outside) 10.10.1.150 192.168.59.40 netmask 255.255.255.255
access-group testlab in interface outside
route inside 192.168.0.0 255.0.0.0 192.168.59.33 1
route outside 10.1.1.0 255.255.255.0 10.10.1.42 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 300
ssh timeout 60
console timeout 0
management-access inside
02-27-2007 04:41 PM
Hi,
So with the change, are we able to tenlet now? or do we need further investigation ?
Kindly update and rate the resolution.
Ajit
02-27-2007 04:51 PM
hostname testlab
domain-name testlab.com
names
dns-guard
!
interface Ethernet0
nameif outside
security-level 0
ip address 10.10.1.126 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.59.37 255.255.255.224
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150 eq telnet
access-list testlab permit tcp 10.10.1.0 255.255.255.0 host 10.10.1.150
access-list testlab permit icmp 10.10.1.0 255.255.255.0 host 10.10.1.150
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
alias (inside) 192.168.59.41 10.10.1.9 255.255.255.255
static (inside,outside) 10.10.1.150 192.168.59.40 netmask 255.255.255.255
access-group testlab in interface outside
route inside 192.168.0.0 255.0.0.0 192.168.59.33 1
route outside 10.1.1.0 255.255.255.0 10.10.1.42 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 300
ssh timeout 60
console timeout 0
management-access inside
02-27-2007 05:02 PM
Hi,
Please check if the 2600 Router have a reverse route i.e.
ip route 10.10.1.0 0.0.0.255 192.168.59.37
Regards,
Ajit Singh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: