10-27-2012 03:58 PM - edited 03-11-2019 05:15 PM
Hi all,
I have switch b connected to ASA with fas0/40 under vlan 40.
ASA connection to this switch is under Vlan 3 which is DMZ.
OSPF is running between OSPF and DMZ switch.
I was trying to telnet from Outside interface switch to DMZ switch which goes through the ASA.
My question is: is it possible from the Outside Switch to ping the DMZ switch or telnet to it, as the connection has to pass by the ASA?
Thanks
Mahesh
10-27-2012 04:00 PM
Hello,
Yes, it is possible.
You just need to allow that traffic over the ASA.
Also, if NAT is required, then perform a bidirectional NAT from DMZ to outside.
Regards,
Julio
10-27-2012 04:27 PM
Hi Julio,
Currently I am able to telnet from DMZ switch to Outside Switch through ASA.
But not from outside switch to DMZ switch.
Right now no NAT is running on ASA.
Outside Switch has route to DMZ switch by ASA.
Should I allow telnet ACL on ASA outside interface to make this work?
Thanks
Mahesh
10-27-2012 04:30 PM
Hello Mahesh,
Yes, as I said in my previous post:
access-list outside_in permit tcp host outside_switch_ip host dmz_switch_ip eq 23
access-group outside_in in interface outside
If you want to check if everything is properly set up for that connection to work across the ASA, do the following:
packet-tracer input outside tcp outside_ip_switch 1025 dmz_switch_ip 23
Remember to rate all of the helpful posts
Julio
10-27-2012 04:45 PM
Hi Julio,
It worked great.
Also I ran the packet tracer command before and after I applied the ACL.
After applying the ACL it was all Allow.
Best regards
Mahesh
10-27-2012 05:02 PM
That is great,
Regards
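Added example, not part of the thread or written by its participants: a small Python parser for saved packet-tracer output that reports the final action and the first phase that did not return ALLOW, so the before/after comparison described above can be checked mechanically. The sample output is constructed and trimmed to the fields parsed, and the name summarize is hypothetical.

```python
import re

# Constructed, trimmed packet-tracer output (not captured from the thread's ASA).
BEFORE = """Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW

Phase: 2
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule

Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
AFTER = """Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW

Phase: 2
Type: ACCESS-LIST
Result: ALLOW
Config:
access-group outside_in in interface outside

Result:
Action: allow
"""

# One match per phase block; the Subtype line is optional in trimmed captures.
PHASE = re.compile(r"^Phase: (\d+)\nType: (\S+)\n(?:Subtype:.*\n)?Result: (\w+)", re.M)

def summarize(output):
    """Return the final action, drop reason and first non-ALLOW phase."""
    phases = [(int(n), t, r) for n, t, r in PHASE.findall(output)]
    action = re.search(r"^Action: (\w+)", output, re.M)
    reason = re.search(r"^Drop-reason: (.+)$", output, re.M)
    blocked = next((p for p in phases if p[2] != "ALLOW"), None)
    return {
        "action": action.group(1) if action else None,
        "drop_reason": reason.group(1) if reason else None,
        "blocked_at": blocked,
        "phases": len(phases),
    }

if __name__ == "__main__":
    for label, text in (("before ACL", BEFORE), ("after ACL", AFTER)):
        print(label, summarize(text))
```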