
Permitting telnet through port 80

nygenxny123
Level 1

We have a CSS with a configured vip for 4 servers in a cluster.

The admins want to telnet via port 80 to the VIP and reach a server.

They are coming from 192.168.5.x

I have entered these rules:

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP object-group http-https 0x71c87785

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq https (hitcnt=0) 0x7cd8bb99

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq www (hitcnt=0) 0xfc9707c4

However, when I do a packet trace on ASDM with the packet tracer, it is being denied by the deny ip any any rule.

I am using the inside interface, 192.168.5.3 as source, the actual web VIP as destination, source port telnet, destination port http/www.


BrinksArgentina
Level 1

Where is the Web-VIP host located? DMZ or outside?

Please post your nat configuration.


Guido.

Please rate all the helpful comments.

There is no NAT going on for this particular node... all addressing is internal.

However, this VIP could be considered to reside on the inside interface.
