IOS SSL VPN and Thin Client
01-21-2010 05:57 PM
Hi All,
I have set up SSL VPN on a border C871 with port forwarding for Telnet and SSH access to inside C3845 routers. The inside router has an ACL enabled to control access on the vty lines. When I remove the ACL, I can successfully telnet 127.0.0.1 3000 from the local PC to the inside router. When the ACL is enabled, I cannot access the router. One would think this is normal. But the problem is there even if I have a 'permit any' statement in the ACL to allow any access. Here is the script:
-------------------------
access-list 99 permit any
line vty 0 4
access-class 99 in
transport input all
!
--------------------------
C871 is in version c870-advipservicesk9-mz.124-15.T9.bin; and C3845 is in c3845-advipservicesk9-mz.124-9.T7.bin.
Any ideas on this would be appreciated.
Thanks.
Chuan
Labels: VPN
01-22-2010 10:27 AM
Chuan,
Can you post a copy of the ACL itself and confirm what port you are using for telnet access? From your post it appears that you may be using port 3000, but I am unclear on that piece.
James
01-25-2010 12:12 PM
Hi James,
I cannot access even when the ACL has only one statement: access-list 99 per any.
In the SSL VPN router, port 3000 is defined for ssh.
port-forward "Core01"
local-port 3000 remote-server "192.168.179.193" remote-port 22
When connected from the laptop to the SSL VPN router, I telnet to 127.0.0.1 3000 from a DOS prompt.
When the above ACL is removed, the telnet is working.
Thanks for your idea,
Chuan
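A diagnostic for the test described in the two posts above, added here as an example and not part of the original thread. Telnetting to 127.0.0.1 3000 only proves that the thin-client port-forwarder on the laptop accepted the TCP connection; it says nothing about whether the C3845 vty accepted the session. The unambiguous end-to-end signal is the SSH identification string the inside router sends as soon as the forwarded session is up (RFC 4253, section 4.2), so the probe below separates "no local listener", "local TCP accepted but nothing from the far end" and "SSH banner received". The host, port and timeout come from the thread (127.0.0.1, local-port 3000); the banner bytes in the tests are constructed samples, and the assumption that the thin-client listener is on the loopback of the laptop is taken from the poster's own test.

```python
"""Probe an SSL VPN thin-client port forward and check for an SSH banner.

Added example: connecting to the local forward (127.0.0.1:3000 in the thread)
always succeeds if the thin-client applet is running, so a bare 'telnet'
connect proves nothing about the inside router's vty access-class.  Reading
the SSH identification string (RFC 4253 4.2) from the far end does.
"""
import socket

LOCAL_HOST = "127.0.0.1"   # thin-client listener on the laptop (from the thread)
LOCAL_PORT = 3000          # local-port of port-forward "Core01" (from the thread)


def parse_ssh_banner(data: bytes):
    """Return (protoversion, softwareversion) from an SSH identification
    string, or None if no banner is present.

    A server may send arbitrary lines before the banner (RFC 4253 4.2), so
    every CRLF/LF-separated line is checked for the 'SSH-' prefix.
    """
    for line in data.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        parts = line[4:].split(b"-", 1)
        if len(parts) != 2:
            continue
        proto = parts[0].decode("ascii", "replace")
        # softwareversion ends at the first space; anything after is a comment
        software = parts[1].split(b" ", 1)[0].decode("ascii", "replace")
        return proto, software
    return None


def classify(connected: bool, data: bytes) -> str:
    """Map a probe result onto one of three outcomes.

    no-listener : TCP connect to the local forward failed (thin client not up)
    no-banner   : local TCP accepted, but nothing came back from the far end,
                  which is what a vty that refuses the session looks like
    ssh-banner  : the inside router's sshd answered, so the vty accepted it
    """
    if not connected:
        return "no-listener"
    if parse_ssh_banner(data):
        return "ssh-banner"
    return "no-banner"


def probe(host: str = LOCAL_HOST, port: int = LOCAL_PORT, timeout: float = 5.0) -> str:
    """Connect to the local forward, read until a banner or timeout, classify."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            buf = b""
            try:
                while len(buf) < 4096:
                    chunk = sock.recv(256)
                    if not chunk:          # far end closed without a banner
                        break
                    buf += chunk
                    if b"\n" in chunk and parse_ssh_banner(buf):
                        break
            except socket.timeout:
                pass                        # nothing more arrived; classify what we have
            return classify(True, buf)
    except OSError:
        return classify(False, b"")


if __name__ == "__main__":
    print(f"{LOCAL_HOST}:{LOCAL_PORT} -> {probe()}")
```

Run it on the laptop while the SSL VPN session is up, once with the access-class applied and once without. If both runs report "ssh-banner", the vty is accepting the forwarded session and the problem is elsewhere; if the run with the ACL applied reports "no-banner" while the TCP connect still succeeds, the thin client is accepting locally but the inside router is not completing the session.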
