
IOS SSL VPN and Thin Client

Chuan Liu
Level 1

Hi All,

I have set up SSL VPN on a border C871 with port forwarding for Telnet and SSH access to inside C3845 routers. The inside router has an ACL enabled to control access on the vty lines. When I remove the ACL, I can successfully telnet 127.0.0.1 3000 from the local PC to the inside router. When the ACL is enabled, I cannot access the router. One would think this is normal. But the problem is there even if I have a 'permit any' statement in the ACL to allow any access. Here is the script:

-------------------------

access-list 99 permit any

line vty 0 4

access-class 99 in

transport input all

!

--------------------------

C871 is in version c870-advipservicesk9-mz.124-15.T9.bin; and C3845 is in c3845-advipservicesk9-mz.124-9.T7.bin.

Any ideas on this would be appreciated.

Thanks.

Chuan

2 Replies

james.bastnagel
Level 1

Chuan,

Can you post a copy of the ACL itself and confirm what port you are using for telnet access? From your post it appears that you may be using port 3000, but I am unclear on that piece.

James

Hi James,

I cannot access even when the ACL has only one statement: access-list 99 per any.

In the SSL VPN router, port 3000 is defined for ssh.

port-forward "Core01"
   local-port 3000 remote-server "192.168.179.193" remote-port 22

When connected from Laptop to the SSL VPN router, I telnet on 127.0.0.1 3000 from DOS prompt.

When the above ACL is removed, the telnet is working.

Thanks for your idea,

Chuan
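The thread hinges on what a standard numbered ACL applied with access-class actually matches. The following is an added example (not code from the thread or from Cisco) that parses standard ACL lines in the form used above, including the abbreviated "per" spelling, and evaluates a source address against them the way IOS does: first match wins, wildcard bits set to 1 are "don't care", and a source that matches no entry hits the implicit deny at the end. The 192.168.179.x addresses and the restrictive ACL 10 are constructed for illustration; only ACL 99 comes from the thread. One point the evaluator makes concrete: with a thin-client port forward, the inside router sees the connection arriving from whatever address the VPN gateway uses to reach it, not from the laptop, so a restrictive access-class must permit that gateway address.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse_standard_acl(lines):
    """Parse 'access-list <n> permit|deny <source> [wildcard]' lines.

    Returns a list of (action, network_int, wildcard_int) in the order given.
    Accepts IOS-style unambiguous abbreviations such as 'per' for 'permit'.
    """
    entries = []
    for raw in lines:
        line = raw.split("!")[0].strip()  # drop trailing IOS comments
        if not line:
            continue
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            raise ValueError(f"not a numbered ACL line: {raw!r}")
        action = next((a for a in ("permit", "deny") if a.startswith(tok[2])), None)
        if action is None:
            raise ValueError(f"unknown action in: {raw!r}")
        src = tok[3]
        if src == "any":
            net, wildcard = 0, ALL_ONES          # every bit is "don't care"
        elif src == "host":
            net, wildcard = int(ipaddress.IPv4Address(tok[4])), 0
        else:
            net = int(ipaddress.IPv4Address(src))
            # a bare address with no wildcard means an exact host match
            wildcard = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, net, wildcard))
    return entries


def acl_decision(entries, source_ip):
    """Return 'permit', 'deny', or 'deny (implicit)' for a source address."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for action, net, wildcard in entries:
        mask = ~wildcard & ALL_ONES  # bits that must match exactly
        if (addr & mask) == (net & mask):
            return action  # first matching entry decides
    return "deny (implicit)"


# ACL 99 exactly as posted in the thread (with the abbreviated spelling).
ACL_99 = ["access-list 99 per any"]

# Constructed restrictive ACL: only the inside management subnet may log in.
ACL_10 = [
    "access-list 10 deny   host 192.168.179.5",
    "access-list 10 permit 192.168.179.0 0.0.0.255",
]

# Constructed placeholder for the address the VPN gateway uses toward the
# inside router; it is NOT the laptop's address and is not on 192.168.179.0/24.
GATEWAY_INSIDE_ADDR = "10.0.0.1"


def vty_check(acl_lines, source_ip):
    """Apply the ACL as access-class would to one incoming vty session."""
    return acl_decision(parse_standard_acl(acl_lines), source_ip)


if __name__ == "__main__":
    for acl, name in ((ACL_99, "ACL 99"), (ACL_10, "ACL 10")):
        for src in ("192.168.179.200", "192.168.179.5", GATEWAY_INSIDE_ADDR):
            print(f"{name}: session from {src:16} -> {vty_check(acl, src)}")
```

Run it and compare the two ACLs: ACL 99 permits every source, so if a vty session is still refused with that ACL in place, the refusal is not an address-match problem in the list itself. ACL 10 shows the usual failure mode of a tightened access-class, where the proxied session from the gateway address falls through to the implicit deny.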
