RE: lock and key access list problem

From: McCallum, Robert (Robert.McCallum@xxxxxxxxxxxxxxxxxx)
Date: Sun Feb 03 2002 - 11:42:47 GMT-3


   
Atul,

You will either have to log in the second time with a different name OR make the 170 network not on the same router as lock and key access-list. In lock and key it should be a case that it allows access through the router onto something else, i.e. Router A - Router B (dynamic access list) - Router C.

Someone on Router A has got to telnet to Router B and verify who they are before they can telnet to Router C.

What you are doing when you log in with the same name is kicking in the dynamic access list again, hence the error message.

-----Original Message-----
From: atul pawar [mailto:atulpawar@hotmail.com]
Sent: 03 February 2002 14:37
To: Robert.McCallum@let-it-be-thus.com; ccielab@groupstudy.com
Subject: RE: lock and key access list problem

I get the following results when I see the access list after getting bombed out in the first telnet

Before first telnet

ts#sh access-lists 130
Extended IP access list 130
    permit tcp any any eq bgp (8 matches)
    permit tcp any host 170.100.1.1 eq telnet
    Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.

After first telnet

ts#sh access-lists 130
Extended IP access list 130
    permit tcp any any eq bgp (9 matches)
    permit tcp any host 170.100.1.1 eq telnet (25 matches)
    Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.
       permit ip any any idle-time 5 min.

Second telnet attempt
r1#telnet 170.100.1.1
Trying 170.100.1.1 ... Open

User Access Verification

Username: atul
Password:
List#130-firewall already contains this IP address pair
[Connection to 170.100.1.1 closed by foreign host]
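
A lock-and-key configuration consistent with the output above, as an added example that is not part of the original thread or either poster's actual configuration. The interface name, the passwords and the second username "admin" are assumptions; the access-list entries are taken from the "sh access-lists 130" output in the message.

```cisco
! Constructed example. Interface, passwords and the "admin" user are placeholders.
!
! Permanent entries and the dynamic template, as seen in the thread's output.
access-list 130 permit tcp any any eq bgp
access-list 130 permit tcp any host 170.100.1.1 eq telnet
access-list 130 dynamic firewall timeout 100 permit ip any any
!
! Assumed placement: inbound on the interface facing the users.
interface Serial0
 ip access-group 130 in
!
! Weak form (matches the temporary entry shown in the thread):
! without "host", authentication activates "permit ip any any",
! so one successful login opens the list for every source address.
!   username atul autocommand access-enable timeout 5
!
! Tighter form: "host" replaces the source in the temporary entry
! with the address of the authenticating Telnet client only.
username atul password CHANGE-ME
username atul autocommand access-enable host timeout 5
!
! A second account with no autocommand. Logging in with this name
! gives a normal exec session and does not try to activate the
! dynamic entry again, so the "already contains this IP address
! pair" rejection is not triggered.
username admin password CHANGE-ME-TOO
!
line vty 0 4
 login local
```

The idle timeout of 5 minutes on access-enable and the absolute timeout of 100 minutes on the template correspond to the "idle-time 5 min." and "Max. 100 mins." values in the output above.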



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:10 GMT-3