Access List Troubles

mattpociask
Level 1

I have a 1721 router, and a 506E firewall with NAT.

Inside the network, we have a machine which we wish to telnet into from the outside world. I have the router set up with static NAT so that machine has a public IP.

I can ping that public IP successfully.

When I TELNET to it, it always times out. I am guessing I need to open up the firewall on port 23. I am good with routers, but I am new with PIX firewalls. I tried this command:

access-list TEL_IN permit any any eq TELNET

I applied that to both interfaces. This did not work; actually it prevented my local PCs from getting on the network.

Can you give me some ideas??

FYI, I am on the job now so any help would be GREATLY appreciated!

1 Reply

jackko
Level 7

Just wondering what sort of PAT/NAT is configured on the PIX; as with the PIX 506E, i.e. v6.x, nat/global or static is a must do.

I guess static NAT needs to be configured again on the PIX.

e.g.

static (inside,outside) netmask 255.255.255.255

access-list inbound permit tcp any host eq 23

access-group inbound in interface outside

clear xlate

It would be better to modify the existing ACL tel_in to the one above, as it presents a security risk by permitting any any.
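
Added example, not part of the original thread: a small Python model of first-match ACL evaluation with the implicit deny that ends every PIX access list. It shows why binding TEL_IN to the inside interface cut off the local PCs and why the host-specific ACL on the outside interface is the narrower choice. All addresses are constructed documentation values, and the poster's line is read as `permit tcp any any eq telnet`.

```python
# Added example: first-match ACL evaluation with the implicit deny that ends
# every PIX access list. All addresses below are constructed sample values.
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
PUBLIC_HOST = "192.0.2.10"  # constructed: translated (public) address of the telnet server

def rule(action, proto, src, dst, port=None):
    return {"action": action, "proto": proto,
            "src": ip_network(src), "dst": ip_network(dst), "port": port}

# The poster's ACL, read as "permit tcp any any eq telnet" (assumption).
TEL_IN = [rule("permit", "tcp", ANY, ANY, 23)]
# The reply's ACL: telnet only to the one translated host.
INBOUND = [rule("permit", "tcp", ANY, PUBLIC_HOST + "/32", 23)]

def evaluate(acl, proto, src, dst, port):
    """Return 'permit' or 'deny' for one packet; the first matching rule wins."""
    for r in acl:
        if (r["proto"] == proto and ip_address(src) in r["src"]
                and ip_address(dst) in r["dst"]
                and r["port"] in (None, port)):
            return r["action"]
    return "deny"  # implicit deny at the end of every access list

def broad_rules(acl):
    """Permit rules whose source and destination are both 'any'."""
    return [r for r in acl if r["action"] == "permit"
            and r["src"].prefixlen == 0 and r["dst"].prefixlen == 0]

def demo():
    inside_pc, web, client = "10.0.0.25", "198.51.100.80", "203.0.113.7"
    other_host = "192.0.2.11"  # constructed: a second translated host
    return {
        # TEL_IN bound to the inside interface: outbound web traffic hits the implicit deny
        "tel_in_inside_http": evaluate(TEL_IN, "tcp", inside_pc, web, 80),
        # TEL_IN bound to the outside interface: telnet reaches any translated host
        "tel_in_outside_other": evaluate(TEL_IN, "tcp", client, other_host, 23),
        # The reply's ACL: telnet reaches only the intended host
        "inbound_outside_telnet": evaluate(INBOUND, "tcp", client, PUBLIC_HOST, 23),
        "inbound_outside_other": evaluate(INBOUND, "tcp", client, other_host, 23),
        "tel_in_broad": len(broad_rules(TEL_IN)),
        "inbound_broad": len(broad_rules(INBOUND)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```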