Authenticating Access to Perimeter Router from Inside network

Unanswered Question
Dec 14th, 2007

I have a real-world scenario: I want to have an ACS server on the inside network control access to the perimeter router, which is on the outside interface of an ASA-5500. The users will access the router from the inside network only.

I did make a STATIC and an ACL to permit initiation of TCP port 49 from the outside to the statically mapped global address, but I only get a portion of the router's banner when telnetting to it.

The router's TACACS debug shows the router receives the telnet request and accordingly sends a request to ACS, but it dies there. I appreciate your help.


ebreniz Fri, 12/21/2007 - 13:21

For both the virtual http and virtual telnet commands, if the connection is started on either an outside or perimeter interface, a static and conduit command pair is required for the fictitious IP address. virtual telnet allows the Virtual Telnet server to provide a way to pre-authenticate users who require connections through the PIX Firewall using services or protocols that do not support authentication. If inbound users on either the perimeter or outside interfaces need access to the Virtual Telnet server, a static and conduit command pair must accompany use of virtual telnet. The global IP address in the static command must be a real IP address.
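The topology described in the question, sketched as an added configuration example (not taken from either poster's devices): an ASA 7.x-style static and ACL that expose only TCP port 49 on the ACS to the perimeter router, followed by the router-side TACACS+ client lines. All addresses, the ACL name, the router interface name and the key are constructed placeholders.

```cisco
! ---- ASA-5500 (constructed addresses) ----
! ACS real address (inside):       10.1.1.10
! ACS mapped address (outside):    192.0.2.10
! Perimeter router outside-facing: 192.0.2.1

! Publish the ACS on the outside interface
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

! Allow only the router, and only TACACS+ (TCP/49), to reach the mapped address.
! Scoping the source to the router host avoids exposing the ACS to the rest
! of the outside segment.
access-list OUTSIDE_IN extended permit tcp host 192.0.2.1 host 192.0.2.10 eq 49
access-group OUTSIDE_IN in interface outside

! ---- Perimeter router (IOS) ----
aaa new-model

! Point at the MAPPED address of the ACS, not its inside address
tacacs-server host 192.0.2.10 key <shared-secret-placeholder>

! Pin the source address of TACACS+ packets so it matches both the ACL
! above and the AAA client entry defined on the ACS
ip tacacs source-interface FastEthernet0/0

! Fall back to the local user database if the ACS is unreachable,
! so a broken TACACS+ path does not lock out the VTY lines
aaa authentication login default group tacacs+ local
```

On the ACS, the AAA client entry for the router has to use the address the router sources its TACACS+ packets from (192.0.2.1 in this sketch) and the same shared key.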

