I need to allow SSH to the WAN interface of a 1750 and allow telnet to the LAN interface. I have IOS w/Security (FW+VPN) installed and have created a tunnel and set up firewalling between 2 1750's. I can ping and use resources on each remote network but can only access the router at the LAN interface via SSH from a host on the LAN. Need to be able to access a remote router through the tunnel via telnet as well as copy the startup config from a remote router back to a TFTP server. Any help would be appreciated. Current access lists are as follows:
description connected to Internet
ip address 172.16.20.20 255.255.255.0
ip access-group 102 in
crypto map cm-cryptomap
description connected to EthernetLAN_1
ip address 64.x.x.x x.x.x.x
ip access-group 101 in
ip inspect FastEthernet_0 in
router eigrp 100
network 64.x.x.x x.x.x.x
network 172.16.20.0 0.0.0.255
no eigrp log-neighbor-changes
ip kerberos source-interface any
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
access-list 100 permit ip 64.x.x.x x.x.x.x 64.x.x.x x.x.x.x
You are running into the same problems that I am having with my 1720's and 3620's with crypto cards.
All does not seem to work as specified. I have a case open with TAC regarding these similar issues, and am trying to get documentation regarding the order-of-operation, which I think is at the heart of the matter.
If I get some good answers, I will send them to you.