Cisco Support Community

New Member

PIX 525 & telnetting

I have a PIX 525. I can telnet anywhere except one place. Anyone heard of this?

More info...

I can get to the IP address telnetting on a DMZ but not on my "inside".

I have set up a PC on the inside with full open access in and out w/o any luck.



New Member

Re: PIX 525 & telnetting

Where are you telnetting from & where are you telnetting to?

Do you have a static translation set up for the PC in question?

If you can, please post your configuration (minus any sensitive information).

New Member

Re: PIX 525 & telnetting

I am telnetting from, which is statically mapped to I am trying to connect to



PIX Version 6.3(2)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
interface ethernet5 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 wireless_dmz security10
nameif ethernet3 intf3 security15
nameif ethernet4 intf4 security20
nameif ethernet5 webservers_dmz security50
enable password here encrypted
passwd here encrypted
hostname pix
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list outside_access_in permit ip any host
access-list inside_access_in permit ip any any
access-list nonat permit ip
access-list 80 permit ip
access-list 100 permit ip
access-list outside_cryptomap_dyn_30 permit ip any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu wireless_dmz 1500
mtu intf3 1500
mtu intf4 1500
mtu webservers_dmz 1500
ip address outside
ip address inside
ip address wireless_dmz
ip address intf3
no ip address intf4
ip address webservers_dmz
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool
no failover
failover timeout 0:00:00
failover poll 15
failover replication http
no failover ip address outside
failover ip address inside
no failover ip address wireless_dmz
no failover ip address intf3
no failover ip address intf4
failover ip address webservers_dmz
failover link inside
arp timeout 14400
global (outside) 1 interface
global (wireless_dmz) 1
global (webservers_dmz) 1
nat (inside) 0 access-list 80
nat (inside) 1 0 0
nat (wireless_dmz) 1 0 0
nat (webservers_dmz) 1 0 0
static (webservers_dmz,outside) netmask 0 0
static (webservers_dmz,wireless_dmz) netmask 0 0
static (inside,outside) netmask 0 0
static (inside,webservers_dmz) netmask 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group wireless_dmz_access_in in interface wireless_dmz
access-group webservers_dmz_in in interface webservers_dmz
route outside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server radius protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 192.168.z.x zzzz timeout 5
http server enable
http inside
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map partner-map 20 ipsec-isakmp dynamic dynmap
crypto map partner-map client authentication partnerauth
crypto map partner-map interface outside
isakmp enable outside
isakmp key ******** address netmask
isakmp identity address
isakmp client configuration address-pool local ippool outside
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash md5
isakmp policy 8 group 2
isakmp policy 8 lifetime 86400
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 dns-server
vpngroup vpn3000 wins-server
vpngroup vpn3000 default-domain
vpngroup vpn3000 split-tunnel 80
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password ********
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80