12-04-2006 05:13 AM
hi all can someone pls help me. i am able to authenticate rdp and all other kinds of traffic with the help of virtual http and virtual telnet from inside to outside. but i am unable to achieve the same from outside to inside.
int e0
no sh
nameif outside
ip add 1.x.x.1/24
int e1
no sh
nameif inside
ip add 10.1.1.1/24
acs server is on 10.1.1.3 and rdp server is on 10.1.1.2
host is connected on the outside with 1.x.x.2
aaa-server cisco protocol tacacs+
aaa-server cisco (inside) host 10.1.1.3
key cisco
static(inside,outside) 1.1.x.x.1.1.2 netmask 255.255.255.255
access-list 101 per tcp any host 1.1.1.3 eq 3389
access-list 101 per tcp any host 1.1.1.4 eq 80
access-list 101 per tcp any host 1.1.1.5 eq 23
access-group 101 in interface outside
virtual-telnet 1.1.1.5
virtual-http 1.1.1.4
when i am trying to telnet or do http to these virtual IPs i am not getting triggered for authentication. what could be the problem. so i have to do a static nat for virtual http and virtual telnet servers.
what am i missing. can someone pls help me.
on the acs server also i have permitted http 1.1.1.4 and telnet to 1.1.1.5.
pls urgent help required.
regards
sebastan
12-04-2006 10:19 PM
Hi Sebastan
Security devices don't usually allow Telnet sessions from the outside world/interface.
You need to make use of SSH to log on to your security device.
But the same is vice versa when you are doing it from the internal LAN which is behind your inside interface.
regds
12-05-2006 04:45 AM
hi kumar i know telnet sessions are not allowed from the outside of the pix or the asa. but as u can see i am doing virtual telnet to the pix and not telnetting to the pix itself.
i get the authentication prompt for username and password.
cause i have seen configuration examples for virtual telnet from the outside of pix. can u pls help.
see ya and thanks for ur reply.
regards
sebastan