New Member

Permitting telnet through port 80

We have a CSS with a configured vip for 4 servers in a cluster.

The admins want to telnet via port 80 to the VIP and reach a server.

They are coming from 192.168.5.x

I have entered these rules:

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP object-group http-https 0x71c87785

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq https (hitcnt=0) 0x7cd8bb99

access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq www (hitcnt=0) 0xfc9707c4

However, when I do a packet trace on ASDM with a packet tracer, it is being denied by the deny ip any any rule.

I am using the inside interface... source 192.168.5.3 as source, actual web VIP as dest... source port telnet... dest port http/www

2 REPLIES
New Member

Re: Permitting telnet through port 80

Where is the Web-VIP host located? DMZ or outside?

Please post your nat configuration.


Guido.

Please rate all the helpful comments.

New Member

Re: Permitting telnet through port 80

There is no NAT going on for this particular node... all addressing is internal.

However, this VIP could be considered to reside on the inside interface.
