Cisco Support Community

Authenticating Access to Perimeter Router from Inside network

I have a real-world scenario: I want to have an ACS server on the Inside network that controls access to the Perimeter router, which is on the Outside interface of the ASA-5500. The users will access the router from the Inside network only.

I did make a STATIC and ACL to permit initiation of TCP port 49 from the outside to the statically mapped global address, but I only get a portion of the Router's banner when telnetting to it.

The Router's TACACS debug shows the router receives the telnet request; it accordingly sends a request to ACS but dies there. Appreciate your help.



Re: Authenticating Access to Perimeter Router from Inside networ

For both the virtual http and virtual telnet commands, if the connection is started on either an outside or perimeter interface, a static and conduit command pair is required for the fictitious IP address. virtual telnet allows the Virtual Telnet server to provide a way to pre-authenticate users who require connections through the PIX Firewall using services or protocols that do not support authentication. If inbound users on either the perimeter or outside interfaces need access to the Virtual Telnet server, a static and conduit command pair must accompany use of virtual telnet. The global IP address in the static command must be a real IP address.
