Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Access List Troubles

I have a 1721 router, and a 506E firewall with NAT.

Inside the network, we have a machine in which we wish to telnet into from the outside world. I have the router setup with static NAT so that machine has a public IP.

I can ping that public IP successfully.

When I TELNET to it, it always times out. I am guessing I need to open up the firewall on port 23. I am good with routers, but I am new with PIX firewalls. I tried this command:

access-list TEL_IN permit any any eq TELNET

I applied that to both interfaces. This did not work; actually it prevented my local PCs from getting on the network.

Can you give me some ideas??

FYI, I am on the job now so any help would be GREATLY appreciated!

1 REPLY
Gold

Re: Access List Troubles

just wondering what sort of pat/nat is configured on the pix; as with pix 506e, i.e. v6.x, nat/global or static is a must do.

i guess static nat needs to be configured again on the pix.

e.g.

static (inside,outside) netmask 255.255.255.255

access-list inbound permit tcp any host eq 23

access-group inbound in interface outside

clear xlate

it would be better to modify the existing acl tel_in to the one above, as it presents a security risk by permitting any any.

94
Views
0
Helpful
1
Replies
CreatePlease to create content