Cut-Through Proxy Doesn't Work - HELP!!!

wearingsa
Level 1

I have 2 PIX 515Es; the sh ver info is below. The VirtualTelnet session just hangs when I try to connect. It doesn't even prompt me for a user name/pwd. I deleted and re-created the VirtualTelnet intf and user id/pwd that we are supposed to use w/ cut-thru proxy... Still I can't even get a user id/pwd prompt... Logging doesn't show a whole lot... only the session tries to start and then nothing... I'm starting to think it's an IOS revision issue... Any ideas would be greatly appreciated... Thanks in advance...

Cisco PIX Firewall Version 6.3(4)

Cisco PIX Device Manager Version 3.0(4)

Compiled on Fri 02-Jul-04 00:07 by morlee

PFW015 up 198 days 0 hours

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 0012.dac4.d901, irq 10

1: ethernet1: address is 0012.dac4.d902, irq 11

2: ethernet2: address is 00e0.b605.678b, irq 11

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 3

Maximum Interfaces: 5

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has a Restricted (R) license.


Vivek Santuka
Cisco Employee

Hi,

Relevant config will help.

Off the top of my head, one thing comes to mind: if the AAA server is not reachable, you will not get the username prompt.

Regards,

Vivek

AAA server is pingable from the firewall....

Here are my AAA ACLs:

access-list outside_authentication_LOCAL deny tcp any object-group ncplyavpsql10_ref eq www

access-list outside_authentication_LOCAL deny tcp object-group AP_Support object-group PCN_LAN_ref

access-list outside_authentication_LOCAL deny tcp object-group SQL_Servers object-group ncplyavpsql10_ref

access-list outside_authentication_LOCAL deny tcp object-group Domain_controllers object-group PCN_LAN_ref

access-list outside_authentication_LOCAL deny tcp any any

access-list outside_authorization_TACACS+ permit tcp any object-group RDP_Services object-group ncplyavpsql10_ref object-group RDP_Services

access-list outside_authorization_TACACS+ deny tcp object-group Lucidyne_VPN any

access-list outside_authentication_TACACS+ deny tcp object-group Lucidyne_VPN any

access-list outside_authentication_TACACS+ permit tcp any object-group VirtualTelnet_ref eq telnet

Virtual Telnet is active:

virtual telnet VirtualTelnet

What else do you need to see?
