My router has a serial interface and an ethernet interface. The serial interface connects me to my ISP and the ethernet interface to my local LAN.
I only have an access-list (IN) on my serial interface. In it, all incoming access is allowed from another network (a second office), and general access (from the internet) is allowed only to certain machines in my LAN. Anyway, all is working fine.
My problem is, I can telnet to this ethernet interface from my second office. But I cannot telnet to this interface from anywhere else in the internet. And there is no access-list on vty 0 4. So why is it not allowing me telnet access from the internet?
My logical conclusion is, since I have an access-list on the serial interface (the interface which connects the network to the internet) which allows full access (telnet etc) only from the 2nd office, it is not allowing me to telnet to the ethernet interface from the internet. The telnet request to the ethernet interface first arrives at the serial interface where it will get rejected. Is this what is really happening?
If this is the case, what is the purpose of a separate access-list for the ethernet interface? (when the serial int access-list applies here as well)
On routerA, if you had an acl that permitted all traffic from 20.x.x.x, you would be able to telnet to the ethernet interface from the 20 network. Unless you are specifically permitting users on the internet to telnet into your ethernet interface, this traffic should get dropped (which it sounds like it is). You will need to add a line that says something like:
access-list 199 permit tcp any host ETHERNET-INTERFACE-IP eq 23   (ETHERNET-INTERFACE-IP is a placeholder for the address of your ethernet interface)
The telnet request to your ethernet interface would arrive at the serial interface first, and at that point the inbound acl would be checked. For this scenario, you would not need to apply another acl on the ethernet interface to accomplish what you're trying to do.
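To make the ordering concrete, here is a constructed IOS configuration illustrating the answer above; it is an added example, not the poster's or the answerer's actual config. The addresses are assumed: the second office is 20.0.0.0/8 (the "20.x.x.x" network mentioned), the router's Ethernet0 address is 192.0.2.1, and 192.0.2.10 is a LAN host published to the internet.

```cisco
! Constructed example, assumed addresses (not the poster's real config).
! ACL 199 is checked on every packet ENTERING Serial0 from the ISP,
! including packets whose destination is the router's own Ethernet0
! address. Entries are evaluated top-down; the first match wins.
access-list 199 remark --- second office: full access, telnet included ---
access-list 199 permit ip 20.0.0.0 0.255.255.255 any
access-list 199 remark --- internet: only published services on LAN hosts ---
access-list 199 permit tcp any host 192.0.2.10 eq 80
access-list 199 permit tcp any host 192.0.2.10 eq 443
access-list 199 remark --- telnet to the router's Ethernet0 address ---
access-list 199 permit tcp any host 192.0.2.1 eq 23
access-list 199 remark --- replies to sessions opened from inside ---
access-list 199 permit tcp any any established
! Implicit "deny ip any any" ends every ACL: without the "eq 23" line
! above, a telnet SYN from the internet to 192.0.2.1 is dropped here,
! before the vty line (which has no access-class) is ever consulted.
!
interface Serial0
 ip access-group 199 in
!
! An ACL applied inbound on Ethernet0 only sees packets entering the
! router FROM the LAN, so it cannot admit or block internet-to-router
! telnet; that is why no second ACL is needed for this case. It is
! useful when you want to filter what LAN hosts may send outward.
access-list 198 remark --- example of a LAN-side inbound filter ---
access-list 198 permit ip 192.0.2.0 0.0.0.255 any
interface Ethernet0
 ip access-group 198 in
```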