Cisco Support Community
New Member

PIX 525 & telnetting

I have a PIX 525. I can telnet anywhere except one place. Anyone heard of this?

More info...

I can get to the IP address telnetting on a DMZ but not on my "inside".

I have set up a PC on the inside with full open access in and out w/o any luck.

Thanks,

Matt

2 REPLIES
New Member

Re: PIX 525 & telnetting

Where are you telnetting from, and where are you telnetting to?

Do you have a static translation set up for the PC in question?

If you can, please post your configuration (minus any sensitive information).

New Member

Re: PIX 525 & telnetting

I am telnetting from 192.168.10.219, which is statically mapped to 216.248.99.41. I am trying to connect to 132.174.11.7.

Thanks,

Matt

PIX Version 6.3(2)

interface ethernet0 100full

interface ethernet1 100full

interface ethernet2 100full

interface ethernet3 auto shutdown

interface ethernet4 auto shutdown

interface ethernet5 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 wireless_dmz security10

nameif ethernet3 intf3 security15

nameif ethernet4 intf4 security20

nameif ethernet5 webservers_dmz security50

enable password here encrypted

passwd here encrypted

hostname pix

domain-name urbandale.org

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

access-list outside_access_in permit ip any host 216.248.99.41

access-list inside_access_in permit ip any any

access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.80.0 255.255.255.0

access-list 80 permit ip 192.168.0.0 255.255.0.0 192.168.80.0 255.255.255.0

access-list 100 permit ip 192.168.80.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list outside_cryptomap_dyn_30 permit ip any 192.168.80.0 255.255.255.0

pager lines 24

mtu outside 1500

mtu inside 1500

mtu wireless_dmz 1500

mtu intf3 1500

mtu intf4 1500

mtu webservers_dmz 1500

ip address outside 216.248.99.34 255.255.255.224

ip address inside 192.168.10.254 255.255.255.0

ip address wireless_dmz 192.168.253.1 255.255.255.0

ip address intf3 127.0.0.1 255.255.255.255

no ip address intf4

ip address webservers_dmz 192.168.254.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool ippool 192.168.80.1-192.168.80.254

no failover

failover timeout 0:00:00

failover poll 15

failover replication http

no failover ip address outside

failover ip address inside 192.168.10.253

no failover ip address wireless_dmz

no failover ip address intf3

no failover ip address intf4

failover ip address webservers_dmz 192.168.254.2

failover link inside

arp timeout 14400

global (outside) 1 interface

global (wireless_dmz) 1 192.168.253.11-192.168.253.99

global (webservers_dmz) 1 192.168.254.11-192.168.254.99

nat (inside) 0 access-list 80

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (wireless_dmz) 1 0.0.0.0 0.0.0.0 0 0

nat (webservers_dmz) 1 0.0.0.0 0.0.0.0 0 0

static (webservers_dmz,outside) 216.248.99.35 192.168.254.100 netmask 255.255.255.255 0 0

static (webservers_dmz,wireless_dmz) 192.168.254.0 192.168.254.0 netmask 255.255.255.0 0 0

static (inside,outside) 216.248.99.41 192.168.10.219 netmask 255.255.255.255 0 0

static (inside,webservers_dmz) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

access-group wireless_dmz_access_in in interface wireless_dmz

access-group webservers_dmz_in in interface webservers_dmz

route outside 0.0.0.0 0.0.0.0 216.248.99.33 1

route inside 192.168.15.0 255.255.255.0 192.168.10.254 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

aaa-server radius protocol radius

aaa-server partnerauth protocol radius

aaa-server partnerauth (inside) host 192.168.z.x zzzz timeout 5

http server enable

http 192.168.10.0 255.255.255.0 inside

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map partner-map 20 ipsec-isakmp dynamic dynmap

crypto map partner-map client authentication partnerauth

crypto map partner-map interface outside

isakmp enable outside

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

isakmp identity address

isakmp client configuration address-pool local ippool outside

isakmp policy 8 authentication pre-share

isakmp policy 8 encryption 3des

isakmp policy 8 hash md5

isakmp policy 8 group 2

isakmp policy 8 lifetime 86400

vpngroup vpn3000 address-pool ippool

vpngroup vpn3000 dns-server 167.142.225.3

vpngroup vpn3000 wins-server 192.168.10.3

vpngroup vpn3000 default-domain urbandale.org

vpngroup vpn3000 split-tunnel 80

vpngroup vpn3000 idle-time 1800

vpngroup vpn3000 password ********

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80
