New Member

IOS SSL VPN and Thin Client

Hi All,

I have set up SSL VPN on a border C871 with port forwarding for Telnet and ssh access to inside C3845 routers. The inside router has an ACL enabled to control access on vty lines. When I remove the ACL, I can successfully telnet 127.0.0.1 3000 from the local PC to the inside router. When the ACL is enabled, I cannot access the router. One would think this is normal. But the problem is there even if I have a 'permit any' statement in the ACL to allow any access. Here is the script:

-------------------------
access-list 99 permit any
line vty 0 4
 access-class 99 in
 transport input all
!
--------------------------

C871 is in version c870-advipservicesk9-mz.124-15.T9.bin; and C3845 is in c3845-advipservicesk9-mz.124-9.T7.bin.

Any ideas on this would be appreciated.

Thanks.

Chuan

2 REPLIES
New Member

Re: IOS SSL VPN and Thin Client

Chuan,

Can you post a copy of the ACL itself and confirm what port you are using for telnet access? From your post it appears that you may be using port 3000, but I am unclear on that piece.

James

New Member

Re: IOS SSL VPN and Thin Client

Hi James,

I cannot access even when the ACL has only one statement: access-list 99 per any.

In the SSL VPN router, port 3000 is defined for ssh.

port-forward "Core01"
   local-port 3000 remote-server "192.168.179.193" remote-port 22

When connected from Laptop to the SSL VPN router, I telnet on 127.0.0.1 3000 from DOS prompt.

When the above ACL is removed, the telnet is working.

Thanks for your idea,

Chuan
