Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Telnet through Pix

Hi,

I need to have telnet access through our Pix. I have set up the following:

access-list acl-out permit tcp any host x.x.x.22 eq telnet

static (inside,outside) x.x.x.22 10.0.0.1 netmask 255.255.255.255 0 0

where 10.0.0.1 is the internal ip I need telnet access to. It is on a seperate VLAN off of a 4006. The Pix can ping the inside host. When I try to telnet to x.x.x.22, I get the error "remote host refused the connection. Any ideas?

thanks,

Brian

4 REPLIES
Cisco Employee

Re: Telnet through Pix

Have you applied the access-list to the outside interface?

Make sure the host 10.0.0.1 has default gateway set to the pix.

Check the pix logs also to see if any traffic is being denied.

Hope this helps,

Nairi

New Member

Re: Telnet through Pix

Hi,

Thanks for the reply. I did apply the access-list:

access-group acl-out in interface outside

I have the gateway of the device to the 4006. Does it need to be the Pix instead? The host is actually just a small router doing NAT for our Cisco Academy. it has a default route set to the 4006.

Thanks

Cisco Employee

Re: Telnet through Pix

Is the host able to access anything outside the pix? Are you doing L3 routing on the 4006? If not the default gateway should be pointing to the pix. In any case the host should be able to route through the pix to get to the internet.

You can try with browsing something on the internet or allowing icmp in your ac-out and trying to ping a host on the outside.

Hope this helps,

-Nairi

New Member

Re: Telnet through Pix

Hi,

I found out I had the inside router on a wrong VLAN. It still won't work. The topology looks like this:

Pix ---> 4006-L3 ---> 1605

The Pix is running NAT and the 4006 routes between VLANS. I need telnet access to the 1605. Any host behind it can reach the outside world.

Thanks!

163
Views
0
Helpful
4
Replies