
Telnet access to PIX across a shared DMZ

andymh
Level 1

I have a situation where we have 2 companies and a shared DMZ between them on the same site, using 2 x PIX 501s.

[LAN A -- PIX -- Shared DMZ (192.168.200.0/24) -- PIX -- LAN B]

I need to retain control over my company's PIX(A) and the other company's PIX(B) across the DMZ.

I can't telnet to PIX(B) from Company A's LAN for some reason and get messages such as:

"Rec'd packet not an IPSEC packet. (ip) dest_addr= 192.168.200.2, src_addr= 192.168.200.1, prot= tcp"

My ACLs are permit ip any any to eliminate them, and I have the required telnet access cmd on PIX(B).

What am I doing wrong?

2 Replies

sachinraja
Level 9

Hey Andy,

Are you trying to telnet to the outside of PIX 2 from LAN A? You should always do an SSH to the outside of the PIX. Is there any IPSEC between the PIXes? Are you able to ping the PIX from your LAN? Give us more details.

Raj

Hi Raj,

I was trying to telnet to the inside i/f (192.168.200.2) of PIX(B) from LAN(A). Not sure if this is the best way, as I've only got previous experience of a PIX in an internet/LAN scenario.

There is no IPSEC between the 2 PIXs.

I can't ping the PIX, no, but then the default is not to respond to pings direct to a PIX i/f, isn't it?

I can get to a server inside the DMZ from a machine on either LAN(A) or (B) so I'm pretty sure both PIXs are working fine.

A.
