Telnet to ASA from Nei Switch

mahesh18
Level 6

Hi Everyone.

I have an ASA connected to a switch.

This is the outside connection.

I was trying to Telnet to the ASA from the switch, which has the outside connection to the ASA.

I configured the command

telnet 192.168.0.0 255.255.0.0 outside

Still, from the switch I am unable to telnet to the ASA.

The ASA has a default route to the switch with the route outside command.

I need to know the following:

1> Is it possible to Telnet to both the outside and inside interfaces of the ASA from the neighbor switch, which is on the outside interface of the ASA?

5 Replies

Julio Carvajal
VIP Alumni

Hello,

Telnet is not allowed to the lowest security level interface of the ASA.

SSH will do it (security purposes).

Also, you cannot access a distant interface. This means that from an inside user you will be able to access the inside interface, but traffic to the outside interface IP address will be denied no matter what (security design measure).

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
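
Added example, not part of the original posts: a small Python check that applies the rule stated in the reply above to a saved ASA running-config, flagging `telnet` statements bound to the lowest-security-level interface and noting whether an `ssh` statement exists for that interface. The sample config is constructed; only the `telnet 192.168.0.0 255.255.0.0 outside` line comes from the thread, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (not from the thread). Interface names,
# security levels and the inside rules are assumptions for illustration.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
telnet 192.168.0.0 255.255.0.0 outside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.0 255.255.255.0 inside
"""

# "<telnet|ssh> <network> <mask> <nameif>"; skips lines such as "telnet timeout 5".
MGMT_RE = re.compile(r"^(telnet|ssh)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")

def security_levels(config):
    """Map each nameif to its security-level, read from the interface stanzas."""
    levels, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            name = None  # an unindented line ends the previous interface stanza
        stripped = line.strip()
        if stripped.startswith("nameif "):
            name = stripped.split()[1]
        elif stripped.startswith("security-level ") and name:
            levels[name] = int(stripped.split()[1])
    return levels

def audit_telnet(config):
    """Return one finding per telnet rule bound to the lowest-security interface."""
    levels = security_levels(config)
    if not levels:
        return []
    lowest = min(levels.values())
    rules = [m.groups() for m in map(MGMT_RE.match, config.splitlines()) if m]
    ssh_ifaces = {iface for proto, _, _, iface in rules if proto == "ssh"}
    return [
        {"rule": f"telnet {net} {mask} {iface}", "interface": iface,
         "security_level": lowest, "ssh_configured": iface in ssh_ifaces}
        for proto, net, mask, iface in rules
        if proto == "telnet" and levels.get(iface) == lowest
    ]
```

On the constructed sample, the only finding is the thread's `telnet ... outside` rule, with `ssh_configured` false because no `ssh` statement names the outside interface.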

Hi Julio,

So this means that the outside interface is never allowed telnet by design, right?

Also, is it possible to telnet to the inside interface from outside?

Thanks

Mahesh

Hello,

"So this means that the outside interface is never allowed telnet by design, right?"

Correct.

As I mentioned in my previous post:

"Also, you cannot access a distant interface. This means that from an inside user you will be able to access the inside interface, but traffic to the outside interface IP address will be denied no matter what (security design measure)."

Regards

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Many thanks Julio

Regards

Mahesh

Hello Mahesh,

Thanks for the rating, my pleasure to help

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC