02-21-2008 01:32 AM - edited 03-11-2019 05:05 AM
Dear all,
I cannot access telnet or http from outside.
I'm trying to access telnet or http using IP
10.5.213.22
The working running config is like this:
sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ABB-ASA5505
domain-name cisco.com
enable password xxx
names
!
interface Vlan1
nameif inside
security-level 100
ip address 172.5.200.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 10.5.213.30 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxx
ftp mode passive
clock timezone IST 5 30
dns server-group DefaultDNS
domain-name cisco.com
access-list inside_access_in extended permit ip host 172.5.200.2 host 10.5.161.16
access-list outside_access_in extended permit ip host 10.5.161.16 host 10.5.213.21
access-list outside_access_in extended permit ip host 10.5.161.16 host 10.5.213.22
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
static (inside,outside) 10.5.213.21 172.5.200.2 netmask 255.255.255.255
static (inside,outside) 10.5.213.22 172.5.200.1 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.5.213.35 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.5.200.2 255.255.255.255 inside
http 10.5.161.16 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 172.5.200.2 255.255.255.255 inside
telnet 10.5.161.16 255.255.255.255 outside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx
: end
ABB-ASA5505#
Please help.
02-21-2008 03:52 AM
You need to permit telnet/web access for 10.5.213.22
with the commands
telnet 10.5.213.22 255.255.255.255 outside
http 10.5.213.22 255.255.255.255 outside
M.
02-22-2008 12:50 AM
Dear,
10.5.161.16 is my outside network PC, from which I need to access the ASA device.
10.5.213.22 is the mapped address for 172.5.200.1 (Vlan 1 interface, inside network address).
I have given access for telnet and web but it's not working; I cannot even ping 10.5.213.22 from 10.5.161.16 (outside).
02-22-2008 08:42 AM
No, you should not address translate the inside interface and connect to this from the outside.
Use the outside interface to connect to. There is no additional security by trying to pass through the ASA.
Test this:
ping the outside interface. If it answers, your routing is correct.
Then use https or telnet to this ip address. However, I would never configure telnet access on an outside interface. Use SSH instead!
You may get around this by using the command `management-access inside`, but I am not sure if you will actually get it working. This command is more intended to manage a firewall through a VPN tunnel.
Harald
02-22-2008 11:05 AM
PIX/ASA won't let you telnet to the outside interface unless it's over a VPN.
Stick to SSH/HTTPS.
Make sure you generate your rsa keys.
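An added example, not part of any post in this thread and not Cisco code: a small Python check that flags, in a running-config like the one posted above, the three conditions the replies point to (a static translation of the firewall's own interface address, a telnet permit on the lowest-security interface, and no SSH permit on that interface). The function name, the finding codes and the config excerpt are constructed for illustration.

```python
import re

# Constructed excerpt of the running-config posted at the top of this thread.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.5.200.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.5.213.30 255.255.255.0
static (inside,outside) 10.5.213.21 172.5.200.2 netmask 255.255.255.255
static (inside,outside) 10.5.213.22 172.5.200.1 netmask 255.255.255.255
http 10.5.161.16 255.255.255.255 outside
telnet 172.5.200.2 255.255.255.255 inside
telnet 10.5.161.16 255.255.255.255 outside
ssh timeout 5
"""

def audit_mgmt_access(config):
    """Hypothetical helper: return (code, detail) findings for the issues raised in the thread."""
    lines = [ln.strip() for ln in config.splitlines()]
    ifaces, name = {}, None  # nameif -> {"level": int, "ip": str}
    for ln in lines:
        if ln.startswith("interface "):
            name = None  # new interface block: forget the previous nameif
        elif m := re.match(r"nameif (\S+)", ln):
            name = m.group(1)
            ifaces[name] = {"level": 0, "ip": None}
        elif name and (m := re.match(r"security-level (\d+)", ln)):
            ifaces[name]["level"] = int(m.group(1))
        elif name and (m := re.match(r"ip address (\S+)", ln)):
            ifaces[name]["ip"] = m.group(1)
    if not ifaces:
        return []
    lowest = min(ifaces, key=lambda n: ifaces[n]["level"])
    own_ips = {v["ip"]: n for n, v in ifaces.items() if v["ip"]}
    findings, ssh_ok = [], False
    for ln in lines:
        if (m := re.match(r"static \(\S+,\S+\) (\S+) (\S+)", ln)) and m.group(2) in own_ips:
            findings.append(("STATIC_NAT_OF_INTERFACE_IP", f"{m.group(1)} -> {m.group(2)}"))
        elif (m := re.match(r"telnet \d\S* \S+ (\S+)$", ln)) and m.group(1) == lowest:
            findings.append(("TELNET_ON_LOWEST_SECURITY", ln))
        elif (m := re.match(r"ssh \d\S* \S+ (\S+)$", ln)) and m.group(1) == lowest:
            ssh_ok = True  # "ssh timeout 5" does not count as a permit
    if not ssh_ok:
        findings.append(("NO_SSH_ON_LOWEST_SECURITY", lowest))
    return findings
```

Calling `audit_mgmt_access(SAMPLE_CONFIG)` returns one finding per condition; the list is empty once the static for 172.5.200.1 is removed and the outside telnet permit is replaced by an `ssh` permit for the management PC.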
03-07-2008 01:29 AM
You are not able to telnet to the outside interface of the firewall; use SSH for command-line access. Use the following commands for access to the web from outside:
http 10.5.213.22 255.255.255.255 outside
ssh 10.5.213.22 255.255.255.255 outside