Permitting telnet through port 80

Unanswered Question
Jun 10th, 2009

We have a CSS with a configured vip for 4 servers in a cluster.


The admins want to telnet via port 80 to the VIP and reach a server.


They are coming from 192.168.5.x



I have entered these rules:


access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP object-group http-https 0x71c87785

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq https (hitcnt=0) 0x7cd8bb99

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq www (hitcnt=0) 0xfc9707c4


However, when I do a packet trace on ASDM with the packet tracer, it is being denied by the deny ip any any rule.



I am using the inside interface...source 192.168.5.3 as source, actual web vip as dest...source port telnet......dest port http/www


BrinksArgentina Wed, 06/10/2009 - 10:20

Where is the Web-VIP host located? DMZ or outside?


Please post your nat configuration.




Guido.

Please rate all the helpful comments.


nygenxny123 Wed, 06/10/2009 - 10:46

There is no NAT going on for this particular node...all addressing is internal.


However, this VIP could be considered to reside on the inside interface.
