Re: Telnet through Pix

b-sprague · ‎11-12-2002

Hi,

I need to have telnet access through our Pix. I have set up the following:

access-list acl-out permit tcp any host x.x.x.22 eq telnet

static (inside,outside) x.x.x.22 10.0.0.1 netmask 255.255.255.255 0 0

where 10.0.0.1 is the internal ip I need telnet access to. It is on a seperate VLAN off of a 4006. The Pix can ping the inside host. When I try to telnet to x.x.x.22, I get the error "remote host refused the connection. Any ideas?

thanks,

Brian

Nairi Adamian · ‎11-12-2002

Have you applied the access-list to the outside interface?

Make sure the host 10.0.0.1 has default gateway set to the pix.

Check the pix logs also to see if any traffic is being denied.

Hope this helps,

Nairi

b-sprague · ‎11-12-2002

Hi,

Thanks for the reply. I did apply the access-list:

access-group acl-out in interface outside

I have the gateway of the device to the 4006. Does it need to be the Pix instead? The host is actually just a small router doing NAT for our Cisco Academy. it has a default route set to the 4006.

Thanks

Nairi Adamian · ‎11-12-2002

Is the host able to access anything outside the pix? Are you doing L3 routing on the 4006? If not the default gateway should be pointing to the pix. In any case the host should be able to route through the pix to get to the internet.

You can try with browsing something on the internet or allowing icmp in your ac-out and trying to ping a host on the outside.

Hope this helps,

-Nairi

b-sprague · ‎11-13-2002

Hi,

I found out I had the inside router on a wrong VLAN. It still won't work. The topology looks like this:

Pix ---> 4006-L3 ---> 1605

The Pix is running NAT and the 4006 routes between VLANS. I need telnet access to the 1605. Any host behind it can reach the outside world.

Thanks!