TCC_2

Core issue

The PIX does not allow a Telnet session to any interface from a host off any other interface. For example, you cannot Telnet to the inside interface of the PIX from a host off the outside interface of the PIX. You can only Telnet to the outside interface from a host off the outside interface, and that traffic must be through an IPsec tunnel.

Resolution

Complete these steps:

  1. Enable Telnet to the outside interface with the telnet <network number> <subnet mask> outside command.

  2. Configure an access list that defines interesting traffic to include traffic from the outside interface of the PIX to the remote subnet. Refer to this partial PIX configuration for an example:
     

    access-list VPNTUNNEL permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list VPNTUNNEL permit ip host 10.10.10.1 192.168.0.0 255.255.255.0
    ip address outside 10.10.10.1 255.255.255.0
    telnet 192.168.0.0 255.255.255.0 outside
    crypto map MYMAP 20 match address VPNTUNNEL

     For PIX/ASA version 7.x, use an extended access list. For example:

      access-list VPNTUNNEL extended permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0
