Allow Telnet Access - How?


  • Allow Telnet Access - How?

    I have a lab with two separate networks that I'm trying to experiment with.
    I'm trying to allow telnet access from the 10.10.1.xx subnet to my Cisco fw, but for some reason it would not allow access.
    My fw is set to the 10.10.2.1 IP and I want to allow other subnets to access this fw via telnet.
    But when I'm on 10.10.2.xx to any host, I can telnet successfully to my fw - I guess due to the fact that I'm on the same subnet?
    Please advise.
    Cheers!
    DB

  • #2
    Re: Allow Telnet Access - How?

    Can you ping hosts in each subnet?



    • #3
      Re: Allow Telnet Access - How?

      Have you created access control lists?

      And also, as virtual pointed out, can you normally ping between the two subnets?
      Please do show your appreciation to those who assist you by leaving Rep Point



      • #4
        Re: Allow Telnet Access - How?

        Since they are both on separate networks you would need routes to that other subnet. I'm not sure what the config looks like for all devices. Please post the configs. You can telnet from that one subnet because yes, it's on the same subnet as the FW.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)



        • #5
          Re: Allow Telnet Access - How?

          Here's my running config:
          ASA Version 7.2(3)
          !
          hostname testlab-fw1
          domain-name labrat.net
          enable password sdfg/yt/":v6tUy encrypted
          names
          !
          interface Vlan1
          nameif inside
          security-level 100
          ip address 10.10.2.1 255.255.255.0
          !
          interface Vlan2
          nameif outside
          security-level 0
          ip address 249.109.198.34 255.255.255.224
          !
          interface Ethernet0/0
          switchport access vlan 2
          !
          interface Ethernet0/1
          !
          interface Ethernet0/2
          access-list inside extended permit tcp any host 10.10.1.2 eq telnet
          access-list inside extended permit tcp any host 10.10.2.0 eq telnet
          access-list inside extended permit tcp any host 10.10.3.0 eq ssh
          access-list 100 extended permit tcp any interface outside eq ssh
          access-list outside_access_in extended permit ip any any
          pager lines 24
          logging enable
          logging timestamp
          logging asdm informational
          mtu inside 1500
          mtu outside 1500
          icmp unreachable rate-limit 1 burst-size 1
          no asdm history enable
          arp timeout 14400
          mtu inside 1500
          mtu outside 1500
          icmp unreachable rate-limit 1 burst-size 1
          no asdm history enable
          arp timeout 14400
          global (outside) 1 interface
          nat (inside) 1 0.0.0.0 0.0.0.0
          route outside 0.0.0.0 0.0.0.0 209.172.100.70 1
          timeout xlate 3:00:00
          timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
          timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
          timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
          timeout uauth 0:05:00 absolute
          aaa authentication ssh console LOCAL
          http server enable
          no snmp-server location
          no snmp-server contact
          snmp-server enable traps snmp authentication linkup linkdown coldstart
          telnet 10.10.2.0 255.255.255.0 inside
          telnet 10.10.1.0 255.255.255.0 inside
          telnet timeout 5
          ssh timeout 5
          console timeout 0
          dhcpd auto_config outside
          !

          !
          class-map inspection_default
          match default-inspection-traffic
          !
          !
          policy-map type inspect dns preset_dns_map
          parameters
          message-length maximum 512
          policy-map global_policy
          class inspection_default
          inspect dns preset_dns_map
          inspect ftp
          inspect h323 h225
          inspect h323 ras
          inspect rsh
          inspect rtsp
          inspect esmtp
          inspect sqlnet
          inspect skinny
          inspect sunrpc
          inspect xdmcp
          inspect sip
          inspect netbios
          inspect tftp
          !
          service-policy global_policy global
          prompt hostname context



          • #6
            Re: Allow Telnet Access - How?

            Your firewall has no idea of that other subnet.

            interface Ethernet0/1
            ip address 10.10.1.1 255.255.255.0

            Set your hosts' gateway to that address. See if that works for you. Or you could create a new vlan interface with an IP in that subnet.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)
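
An added example, not part of the original thread and not Cisco tooling: a short Python check of the diagnosis in post #6, flagging `telnet`/`ssh` permit lines whose source subnet is neither connected to nor routed via the named interface. The config excerpt is constructed from lines in post #5; the function names are hypothetical.

```python
import ipaddress

# Constructed excerpt: only the lines from the config in post #5 that matter here.
CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.10.2.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 249.109.198.34 255.255.255.224
route outside 0.0.0.0 0.0.0.0 209.172.100.70 1
telnet 10.10.2.0 255.255.255.0 inside
telnet 10.10.1.0 255.255.255.0 inside
"""

def net(addr, mask):
    # strict=False lets an interface address (host bits set) stand for its network
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return (networks known per nameif, management permit entries)."""
    known, mgmt, nameif = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "interface":
            nameif = None                      # new interface block starts
        elif w[0] == "nameif" and len(w) == 2:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif and len(w) >= 4:
            known.setdefault(nameif, []).append(net(w[2], w[3]))   # connected
        elif w[0] == "route" and len(w) >= 5:
            known.setdefault(w[1], []).append(net(w[2], w[3]))     # static route
        elif w[0] in ("telnet", "ssh") and len(w) == 4:
            # "telnet <net> <mask> <nameif>"; "telnet timeout 5" has 3 words
            mgmt.append((w[0], net(w[1], w[2]), w[3]))
    return known, mgmt

def unreachable_mgmt(config):
    """Management entries whose source is not connected to or routed via the interface."""
    known, mgmt = parse(config)
    return [(proto, str(src), ifc) for proto, src, ifc in mgmt
            if not any(src.subnet_of(k) for k in known.get(ifc, []))]

if __name__ == "__main__":
    for proto, src, ifc in unreachable_mgmt(CONFIG):
        print(f"{proto} from {src} is permitted on '{ifc}', "
              f"but no connected network or route via '{ifc}' covers it")
```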



            • #7
              Re: Allow Telnet Access - How?

              Originally posted by auglan
              Your firewall has no idea of that other subnet.

              interface Ethernet0/1
              ip address 10.10.1.1 255.255.255.0

              Set your hosts' gateway to that address. See if that works for you. Or you could create a new vlan interface with an IP in that subnet.

              So when I configure e0/1 to that IP address, does that also mean I have to physically connect this port to the network by connecting a cable to my internal network?

              Thanks.



              • #8
                Re: Allow Telnet Access - How?

                Yes. Give that a try.
                CCNA, CCNA-Security, CCNP
                CCIE Security (In Progress)
