From: Mannan Venkatesan (mv_lab@xxxxxxxxxxx)
Date: Sun Feb 03 2002 - 11:06:57 GMT-3
Does the ACL sequence matter (telnet permit first and then dynamic list)???
I had tried this before and it worked.
Mannan
----- Original Message -----
From: "atul pawar" <atulpawar@hotmail.com>
To: <mv_lab@hotmail.com>
Sent: Sunday, February 03, 2002 2:03 PM
Subject: Re: lock and key access list problem
> I have tried that but got the same result...:(
>
>
> >From: "Mannan Venkatesan" <mv_lab@hotmail.com>
> >To: "atul pawar" <atulpawar@hotmail.com>
> >Subject: Re: lock and key access list problem
> >Date: Sun, 3 Feb 2002 08:56:45 -0500
> >
> >Should it be 'access-list 130 permit tcp any host 172.17.59.19 eq telnet'???
> >
> >Mannan
> >
> >----- Original Message -----
> >From: "atul pawar" <atulpawar@hotmail.com>
> >To: <ccielab@groupstudy.com>
> >Sent: Sunday, February 03, 2002 1:31 PM
> >Subject: lock and key access list problem
> >
> >
> > > Hi Guys
> > > I am testing a lock and key config but not able to get it working.
> > > I want to allow Telnet access to 170.100.1.1 (which is a loopback interface
> > > on router TS) from any host using Lock and key. TS is talking BGP to R1 via
> > > ethernet. When I telnet from R1 to TS it asks me for the username; accepts
> > > the password and drops the connection as expected. Then again when I telnet
> > > from R1 to TS, ie to 170.100.1.1, it asks me for username and password and
> > > the following happens
> > >
> > >
> > > r1#telnet 170.100.1.1
> > > Trying 170.100.1.1 ... Open
> > >
> > >
> > > User Access Verification
> > >
> > > Username:atul
> > > Password:
> > > List#130-firewall already contains this IP address pair
> > > [Connection to 170.100.1.1 closed by foreign host]
> > >
> > > Following are the configs for TS and R1
> > > ts#
> > >
> > > !
> > > interface Loopback5
> > > ip address 170.100.1.1 255.255.0.0
> > > no ip directed-broadcast
> > > !
> > > interface Ethernet0
> > > ip address 172.17.59.19 255.255.255.240
> > > ip access-group 130 in
> > > no ip mroute-cache
> > > no cdp enable
> > > !
> > > ip classless
> > > access-list 130 permit tcp any any eq bgp
> > > access-list 130 dynamic firewall timeout 100 permit ip any any
> > > access-list 130 permit tcp any host 170.100.1.1 eq telnet
> > > !
> > > line vty 0 4
> > > login local
> > > autocommand access-enable timeout 5
> > >
> > >
> > > Any help to get this working would be great
> > > Regards,
> > > Atul
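The lock-and-key mechanics that Mannan's ordering question turns on, as an added illustration written for this archive page (it is not code from the thread and not IOS itself): a small Python model of how a dynamic ACL is evaluated top-down, how the vty autocommand `access-enable` installs a temporary entry from the `dynamic` template, and why a second install of the same source/destination pair is refused with the message seen in Atul's session. The ACL is the one from the post; R1's address (172.17.59.18) is assumed, since the thread does not give it, and IOS details such as the idle/absolute timeouts are left out.

```python
"""Simplified model of a Cisco IOS lock-and-key (dynamic) access list.

Added illustration, not IOS code. Entries are evaluated top-down; a
'dynamic' entry is a template that matches nothing until an authenticated
Telnet session runs 'access-enable', which installs a temporary entry built
from the template. Installing the same source/destination pair twice is
refused, which is the message in the pasted session. The ACL below is the
one from the original post; R1's address is an assumption.
"""
from dataclasses import dataclass
from typing import Optional

R1 = "172.17.59.18"          # assumed address of R1 on the shared Ethernet
TS_ETHERNET = "172.17.59.19"  # from the post
TS_LOOPBACK = "170.100.1.1"   # from the post
ALREADY = "already contains this IP address pair"


@dataclass(frozen=True)
class Entry:
    proto: str                     # 'ip' or 'tcp'
    src: str                       # 'any' or 'host a.b.c.d'
    dst: str
    port: Optional[str] = None     # 'bgp', 'telnet' or None (any port)
    dynamic: Optional[str] = None  # template name, e.g. 'firewall'


def _addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or spec == f"host {addr}"


def _match(e: Entry, proto: str, src: str, dst: str, port: Optional[str]) -> bool:
    if e.proto != "ip" and e.proto != proto:
        return False
    if e.port is not None and e.port != port:
        return False
    return _addr_match(e.src, src) and _addr_match(e.dst, dst)


class LockAndKeyACL:
    def __init__(self, entries):
        self.entries = list(entries)
        self.installed = []  # temporary entries created by access-enable

    def permits(self, proto, src, dst, port=None):
        """Return (verdict, reason) for one packet; first match wins."""
        for e in self.entries:
            if e.dynamic:
                # a template only matches through its installed temporary entries
                for inst in self.installed:
                    if _match(inst, proto, src, dst, port):
                        return True, f"dynamic {e.dynamic}"
                continue
            if _match(e, proto, src, dst, port):
                return True, f"static {e.proto} {e.src} {e.dst}"
        return False, "implicit deny"

    def access_enable(self, session_src, host=False):
        """Model 'access-enable [host]' run as the vty autocommand.

        Without 'host' (as in the posted config) the temporary entry keeps the
        template's source; with 'host' it is narrowed to the Telnet client.
        """
        for e in self.entries:
            if e.dynamic:
                src = f"host {session_src}" if host else e.src
                new = Entry(e.proto, src, e.dst, e.port)
                if new in self.installed:
                    return ALREADY
                self.installed.append(new)
                return "temporary entry installed"
        return "no dynamic entry in list"


def telnet(acl, src, dst):
    """One Telnet attempt to the router itself, as in the thread."""
    ok, reason = acl.permits("tcp", src, dst, "telnet")
    if not ok:
        return f"refused ({reason})"
    # 'login local' succeeds, then the vty autocommand runs access-enable
    return f"open via {reason}; {acl.access_enable(src)}; connection closed"


ACL_AS_POSTED = [
    Entry("tcp", "any", "any", "bgp"),
    Entry("ip", "any", "any", dynamic="firewall"),
    Entry("tcp", "any", f"host {TS_LOOPBACK}", "telnet"),
]
# the ordering Mannan asks about: telnet permit before the dynamic template
ACL_TELNET_FIRST = [ACL_AS_POSTED[0], ACL_AS_POSTED[2], ACL_AS_POSTED[1]]


def replay(entries):
    """Two Telnet attempts from R1, then a BGP packet, as in the post."""
    acl = LockAndKeyACL(entries)
    first = telnet(acl, R1, TS_LOOPBACK)
    second = telnet(acl, R1, TS_LOOPBACK)
    bgp_ok, _ = acl.permits("tcp", R1, TS_ETHERNET, "bgp")
    return first, second, bgp_ok


if __name__ == "__main__":
    for name, entries in (("as posted", ACL_AS_POSTED),
                          ("telnet permit first", ACL_TELNET_FIRST)):
        print(name)
        for line in replay(entries)[:2]:
            print("  ", line)
```

In this model both orderings give the same second attempt: the Telnet reaches the vty either way (through the temporary entry in the posted order, through the static permit in the reordered one), the autocommand runs `access-enable` again, and the duplicate pair is refused. What the order changes is only which line the second session is admitted by, which is the thing to look at with `show access-lists` when debugging: a temporary entry that is already present means authentication succeeded the first time, and the question becomes why the session is being re-authenticated rather than used for the traffic the dynamic entry was meant to admit.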
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:10 GMT-3