https://community.cisco.com/t5/network-security/asa-5510/m-p/1432578#M634699 <P>I am trying to telnet between two locations and&nbsp; i am unable to inbound telnet to the ASA</P><P>router. I can outbound to the other location.</P><P></P><P>I created access rules in the ACL on the ASA for the source and destination. But I still see the IP being denied in the log.</P><P></P><P>Is there another place I need to input those IPs to allow access?</P><P></P><P>Should I clear the ASDM cache?</P><P></P><P>Thanks for your help,<BR />Jackie</P> Mon, 11 Mar 2019 18:00:25 GMT siclines1234 2019-03-11T18:00:25Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1432578#M634699 <P>I am trying to telnet between two locations and&nbsp; i am unable to inbound telnet to the ASA</P><P>router. I can outbound to the other location.</P><P></P><P>I created access rules in the ACL on the ASA for the source and destination. But I still see the IP being denied in the log.</P><P></P><P>Is there another place I need to input those IPs to allow access?</P><P></P><P>Should I clear the ASDM cache?</P><P></P><P>Thanks for your help,<BR />Jackie</P> Mon, 11 Mar 2019 18:00:25 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1432578#M634699 siclines1234 2019-03-11T18:00:25Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1432579#M634700 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you create the appropiate rules to allow telnet traffic through the ASA, it should work.</P><P>Make sure that the rule that permits telnet is above any deny rule (blocking telnet), remember the ACLs are read in sequential order.</P><P></P><P>Please post the output of:</P><P>sh run access-group</P><P>sh run access-list</P><P></P><P>Federico.</P></BODY></HTML> Wed, 16 Jun 2010 17:56:06 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1432579#M634700 Federico Coto Fajardo 2010-06-16T17:56:06Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1432580#M634701 <HTML><HEAD></HEAD><BODY><P>sh run access-group</P><P><BR />access-group inside_access_in in interface inside<BR />access-group Phone_access_in in interface Phone<BR />access-group outside_access_in in interface outside</P><P></P><P>sh run access-list</P><P>access-list outside_access_in extended permit tcp any host 70.33.178.167 eq https <BR />access-list outside_access_in extended permit tcp any host 70.33.178.166 object-group DM_INLINE_TCP_4 <BR />access-list outside_access_in extended permit tcp any host 70.33.178.165 object-group DM_INLINE_TCP_0 <BR />access-list outside_access_in extended permit tcp any host 70.33.178.166 object-group DM_INLINE_TCP_3 <BR />access-list outside_access_in extended permit tcp any host 70.33.178.170 object-group DM_INLINE_TCP_1 <BR />access-list outside_access_in extended permit tcp any host 70.33.178.171 object-group DM_INLINE_TCP_2 <BR />access-list outside_access_in extended permit tcp any host 70.33.178.173 object-group DM_INLINE_TCP_5 <BR />access-list outside_access_in extended permit tcp any host 70.33.178.168 eq pptp <BR />access-list outside_access_in extended permit gre any host 70.33.178.168 <BR />access-list outside_access_in extended permit object-group TCPUDP any host 70.33.178.174 eq sip <BR />access-list outside_access_in extended permit tcp any host 70.33.178.174 object-group HUD <BR />access-list outside_access_in extended permit udp any host 70.33.178.174 object-group IAX2 <BR />access-list outside_access_in extended permit udp any host 70.33.178.174 object-group RTP <BR />access-list outside_access_in extended permit udp any host 70.33.178.174 eq tftp <BR />access-list outside_access_in extended permit tcp any host 70.33.178.172 eq https <BR />access-list outside_access_in extended permit tcp any host 70.33.178.169 object-group RDP <BR />access-list outside_access_in extended permit tcp any host 70.33.178.179 object-group RDP <BR />access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any host 66.160.11.132 <BR />access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host 66.160.11.132 any <BR />access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any host 66.160.11.132 <BR />access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 host 66.160.11.132 host 70.33.178.164 <BR />access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 host 66.160.11.129 any <BR />access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 any host 66.160.11.129 <BR />access-list outside_cryptomap extended permit object-group DM_INLINE_PROTOCOL_1 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0 <BR />access-list inside_access_in extended permit icmp any any <BR />access-list inside_access_in extended permit ip any any <BR />access-list inside_access_in extended permit gre host 192.168.10.23 any <BR />access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0 <BR />access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 <BR />access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.0 <BR />access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.21.0 255.255.255.0 <BR />access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.31.0 255.255.255.0 <BR />access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_1 192.168.20.0 255.255.255.0 <BR />access-list Phone_access_in extended permit ip any any <BR />access-list Phone_access_in extended permit icmp any any <BR />access-list Phone_access_in extended permit tcp any any eq https <BR />access-list Phone_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 192.168.20.0 255.255.255.0 <BR />access-list Phone_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 192.168.30.0 255.255.255.0 <BR />access-list Phone_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 192.168.10.0 255.255.255.0 <BR />access-list Phone_nat0_outbound extended permit ip any 192.168.10.128 255.255.255.128 <BR />access-list Phone_nat0_outbound extended permit ip any 192.168.30.0 255.255.255.0 <BR />access-list Phone_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0 <BR />access-list outside_1_cryptomap_1 extended permit object-group DM_INLINE_PROTOCOL_5 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0 <BR />access-list outside_1_cryptomap extended permit object-group DM_INLINE_PROTOCOL_4 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0 <BR />access-list outside_1_cryptomap_2 extended permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0 <BR />access-list outside_3_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.21.0 255.255.255.0 <BR />access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 <BR />access-list outside_cryptomap_2 extended permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0</P></BODY></HTML> Wed, 16 Jun 2010 18:31:47 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1432580#M634701 siclines1234 2010-06-16T18:31:47Z https://community.cisco.com/t5/network-security/asa-5510/m-p/1432581#M634702 <HTML><HEAD></HEAD><BODY><P>What code are you using?</P><P></P><P>Please include the source and destination for the telnet that is not working.</P><P></P><P>Please include which translation(nat/static) you are expecting to be used by the traffic, I believe you are saying it is from internet to the inside of firewall right?</P><P></P><P>Since your access-list has object groups, please include the details of the objects so that we can see if there may be issue there.</P><P></P><P>Please include any log you get for the source or destination when you try to do the traffic flow that does not work .</P><P></P><P>Maybe you can also use packet tracer (available on code 7.2 and later) to simulate the traffic, and see where it fails :</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/p_72.html#wp1724426">http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/p_72.html#wp1724426</A></P><P></P><P>Regards,</P></BODY></HTML> Thu, 17 Jun 2010 03:55:23 GMT https://community.cisco.com/t5/network-security/asa-5510/m-p/1432581#M634702 edadios 2010-06-17T03:55:23Z