https://community.cisco.com/t5/network-security/permitting-telnet-through-port-80/m-p/1248618#M859400 <HTML><HEAD></HEAD><BODY><P>there is no NAT going on for this particular node...all addressing is internal.</P><P></P><P>However this VIP could be considered to reside on the inside interface</P></BODY></HTML> Wed, 10 Jun 2009 17:46:48 GMT nygenxny123 2009-06-10T17:46:48Z https://community.cisco.com/t5/network-security/permitting-telnet-through-port-80/m-p/1248616#M859397 <P>We have a CSS with a configured vip for 4 servers in a cluster.</P><P></P><P>The admins want to telnet via port 80 to the VIP and reach a server.</P><P></P><P>They are coming from 192.168.5.x</P><P></P><P></P><P>I have entered thse rules</P><P></P><P>access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP object-group http-https 0x71c87785</P><P>access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq https (hitcnt=0) 0x7cd8bb99</P><P>access-list inside_access_in line 39 extended permit tcp 192.168.5.0 255.255.255.0 host Web-VIP eq www (hitcnt=0) 0xfc9707c4 </P><P></P><P>However when i do a packet trace on ASDM with a packet tracer it is being denied by the deny ip any any rule</P><P></P><P></P><P>I am using the inside interface...source 192.168.5.3 as source, actual web vip as dest...source port telnet......dest port http/www</P><P></P> Mon, 11 Mar 2019 15:41:53 GMT https://community.cisco.com/t5/network-security/permitting-telnet-through-port-80/m-p/1248616#M859397 nygenxny123 2019-03-11T15:41:53Z https://community.cisco.com/t5/network-security/permitting-telnet-through-port-80/m-p/1248617#M859398 <HTML><HEAD></HEAD><BODY><P>Where are Web-VIP host located? DMZ or outside?</P><P></P><P>Please post your nat configuration.</P><P></P><P></P><P><BR /></P><P>Guido.</P><P><FONT color="blue">Please rate all the helpful comments.</FONT></P><P></P></BODY></HTML> Wed, 10 Jun 2009 17:20:54 GMT https://community.cisco.com/t5/network-security/permitting-telnet-through-port-80/m-p/1248617#M859398 BrinksArgentina 2009-06-10T17:20:54Z https://community.cisco.com/t5/network-security/permitting-telnet-through-port-80/m-p/1248618#M859400 <HTML><HEAD></HEAD><BODY><P>there is no NAT going on for this particular node...all addressing is internal.</P><P></P><P>However this VIP could be considered to reside on the inside interface</P></BODY></HTML> Wed, 10 Jun 2009 17:46:48 GMT https://community.cisco.com/t5/network-security/permitting-telnet-through-port-80/m-p/1248618#M859400 nygenxny123 2009-06-10T17:46:48Z