virtual telnet on FWSM

Jon Marshall · ‎08-30-2005

I'm probably being a bit thick but i cannot get the virtual telnet fucntionality on the FWSM - 1.1(3) working.

relevant Config on FWSM (this is a test setup so the web server/ternminal server and the AAA server are the same IP address - 10.5.1.11 ).

virtual telnet 10.1.1.6

static (inside,outside) 10.1.1.6 10.1.1.6 netmask 255.255.255.255

aaa authentication include tcp/0 outside 10.5.1.11 255.255.255.255 10.6.1.2 255.255.255.255 AuthInbound

access-list acl_outside permit tcp host 10.6.1.2 host 10.1.1.6 eq telnet

access-list acl_outside permit tcp object-group prod_ips host 10.5.1.11

access-list acl_outside permit tcp host 10.2.2.2 host 10.5.1.11 eq 3389

access-list acl_outside permit tcp host 10.2.2.2 host 10.5.1.11 eq www

access-list acl_outside permit tcp host 10.6.1.1 host 10.5.1.11 eq 3389

access-list acl_outside permit tcp host 10.6.1.1 host 10.5.1.11 eq www

access-list acl_outside permit tcp host 10.6.1.2 host 10.5.1.11 eq 3389

access-list acl_outside permit tcp host 10.6.1.2 host 10.5.1.11 eq www

If i try to telnet to the virtual server i can see hits on the access-list but no traffic is being sent back.

The virtual server IP address is a spare IP taken from the subnet range assigned to the outside interface of the FWSM.

owillins · ‎09-06-2005

The telnet command allows you to specify which hosts can access the FWSM console with Telnet. You can enable Telnet to the FWSM on all interfaces. However, the FWSM enforces that all Telnet traffic to the outside interface is protected by IPSec. To enable a Telnet session to the outside interface, configure IPSec on the outside interface to include IP traffic that is generated by the FWSM and enable Telnet on the outside interface.