Permitting telnet through port 80

Unanswered Question
Jun 10th, 2009

We have a CSS with a configured vip for 4 servers in a cluster.

The admins want to telnet via port 80 to the VIP and reach a server.

They are coming from 192.168.5.x

I have entered these rules:

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP object-group http-https 0x71c87785

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq https (hitcnt=0) 0x7cd8bb99

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq www (hitcnt=0) 0xfc9707c4

However, when I do a packet trace on ASDM with a packet tracer, it is being denied by the deny ip any any rule.

I am using the inside interface...source 192.168.5.3 as source, actual web vip as dest...source port telnet......dest port http/www

BrinksArgentina Wed, 06/10/2009 - 10:20

Where is the Web-VIP host located? DMZ or outside?

Please post your nat configuration.


Guido.

Please rate all the helpful comments.

nygenxny123 Wed, 06/10/2009 - 10:46

There is no NAT going on for this particular node...all addressing is internal.

However, this VIP could be considered to reside on the inside interface.
