Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
261
Views
6
Helpful
2
Replies

virtual http from outside to inside not working. urgent help required pls

sebastan_bach
Level 4
Level 4

‎12-04-2006 05:13 AM

hi all can someone pls help me. i am able to authenticate rdp and all other kinds of trafic with the help of virtual http and virtual telnet from inside to outside. but i am unable to achieve the same from outside to inside.

int e0

no sh

nameif outside

ip add 1.x.x.1/24

int e1

no sh

nameif inside

ip add 10.1.1.1/24

acs server is on 10.1.1.3 and rdp server is on 10.1.1.2

host is connected on the outside with 1.x.x.2

aaa-server cisco protocol tacacs+

aaa-server cisco (inside) host 10.1.1.3

key cisco

static(inside,outside) 1.1.x.x.1.1.2 netmask 255.255.255.255

access-list 101 per tcp any host 1.1.1.3 eq 3389

access-list 101 per tcp any host 1.1.1.4 eq 80

access-list 101 per tcp any host 1.1.1.5 eq 23

access-group 101 in interface outside

virtual-telnet 1.1.1.5

virtual-http 1.1.1.4

when i am trying to telnet or do http to this virtual ip;s i am not getting triggered for authentication. what could be the problem. so i have to do a static nat for virtual http and virtual telnet servers.

what am i missing. can someone pls help me.

on the acs server also i have permitted http 1.1.1.4 and telnet to 1.1.1.5.

pls urgent help required.

regards

sebastan

Labels:
0 Helpful
2 Replies 2

spremkumar
Level 9
Level 9

‎12-04-2006 10:19 PM

Hi Sebastan

Security device dont allow Telnet sessions usually from outside world/interface.

You need to make use of SSH to logon to your secuirty device.

But the same is viceversa when you are doing it from internal lan which is behind your inside interface.

regds

sebastan_bach
Level 4
Level 4
In response to spremkumar

‎12-05-2006 04:45 AM

hi kumar i know telnet sessions are not allowed from the outside of the pix or the asa. but the as u can see i am doing virtual telnet to the pix and not telneting to the pix itself.

i get the authentication promt for username and password.

cause i have see configuration examples for virtual telnet from the touside of pix. can u pls help.

see ya and thanks for ur reply.

regards

sebastan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents