Cisco Support Community

Cannot access the PIX command line interface with Telnet to inside interface through LAN-to-LAN tunnel

Core issue

The PIX does not allow a Telnet session to any interface from a host off any other interface. For example, you cannot Telnet to the inside interface of the PIX from a host off the outside interface of the PIX. You can only Telnet to the outside interface from a host off the outside interface, and that traffic must be through an IPsec tunnel.

Resolution

Complete these steps:

  1. Enable Telnet to the outside interface with the "telnet network_number subnet_mask outside" command.

  2. Configure an access list that defines interesting traffic to include traffic from the outside interface of the PIX to the remote subnet. Refer to this partial PIX configuration for an example:
     

    access-list VPNTUNNEL permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list VPNTUNNEL permit ip host 10.10.10.1 192.168.0.0 255.255.255.0
    ip address outside 10.10.10.1 255.255.255.0
    telnet 192.168.0.0 255.255.255.0 outside
    crypto map MYMAP 20 match address VPNTUNNEL

     For PIX/ASA version 7.x, use an extended access list. For example:

      access-list VPNTUNNEL extended permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0
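
The following is an added example, not part of the original document or any Cisco tooling: a small Python audit that checks whether every network allowed by a "telnet ... outside" line is also covered by crypto-map interesting traffic sourced from the outside interface address, which is the condition step 2 sets up. It assumes the 6.x-style "ip address outside" line shown above; the function names and the sample configuration string are constructed for illustration.

```python
import ipaddress

# Constructed sample: the partial PIX configuration shown in step 2.
SAMPLE_CONFIG = """\
access-list VPNTUNNEL permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list VPNTUNNEL permit ip host 10.10.10.1 192.168.0.0 255.255.255.0
ip address outside 10.10.10.1 255.255.255.0
telnet 192.168.0.0 255.255.255.0 outside
crypto map MYMAP 20 match address VPNTUNNEL
"""

def _take_net(tok):
    """Consume 'any', 'host A' or 'A MASK'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def uncovered_telnet_networks(config):
    """Return 'telnet ... outside' networks that no crypto ACL entry protects.

    A network is covered when an ACL referenced by a crypto map permits ip
    from the outside interface address to that whole network.
    """
    acls, crypto_acls, telnet_nets, outside_ip = {}, set(), [], None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and "permit" in t and "ip" in t:
            # Parsing after 'ip' handles both the 6.x and 7.x 'extended' form.
            src, rest = _take_net(t[t.index("ip") + 1:])
            dst, _ = _take_net(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:3] == ["ip", "address", "outside"]:
            outside_ip = ipaddress.ip_address(t[3])
        elif t[:1] == ["telnet"] and len(t) == 4 and t[3] == "outside":
            telnet_nets.append(ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False))
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"] and len(t) == 7:
            crypto_acls.add(t[6])
    entries = [e for name in crypto_acls for e in acls.get(name, [])]
    return [n for n in telnet_nets
            if not any(outside_ip is not None and outside_ip in src
                       and n.subnet_of(dst) for src, dst in entries)]

if __name__ == "__main__":
    print(uncovered_telnet_networks(SAMPLE_CONFIG))
```

An empty list means each Telnet-permitted network on the outside interface is matched by the tunnel's access list; any network returned would be reachable by Telnet only outside the IPsec tunnel definition.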

Version history: Revision 1 of 1. Last update: 06-22-2009 03:34 PM