Re: lock and key access list problem

From: Mannan Venkatesan (mv_lab@xxxxxxxxxxx)
Date: Sun Feb 03 2002 - 12:07:35 GMT-3


   
I think you are right, Robert. Atul, try to ping instead of telnet
the second time, or try to telnet to router C beyond router B, as Robert said.

----- Original Message -----
From: "McCallum, Robert" <Robert.McCallum@let-it-be-thus.com>
To: "'atul pawar'" <atulpawar@hotmail.com>; <ccielab@groupstudy.com>
Sent: Sunday, February 03, 2002 9:42 AM
Subject: RE: lock and key access list problem

> Atul,
>
> You will either have to log in the second time with a different name OR
> make the 170 network not on the same router as the lock and key access-list.
> In lock and key it should be the case that it allows access through the
> router onto something else, i.e. router A - Router B (dynamic access list) -
> Router C.
>
> Someone on router A has got to telnet to Router B and verify who they are
> before they can telnet to Router C.
>
> What you are doing when you log in with the same name is kicking in the
> dynamic access list again, hence the error message.
>
> -----Original Message-----
> From: atul pawar [mailto:atulpawar@hotmail.com]
> Sent: 03 February 2002 14:37
> To: Robert.McCallum@let-it-be-thus.com; ccielab@groupstudy.com
> Subject: RE: lock and key access list problem
>
>
> I get the following results when I look at the access list after getting
> bombed out in the first telnet
>
>
> Before first telnet
>
> ts#sh access-lists 130
> Extended IP access list 130
> permit tcp any any eq bgp (8 matches)
> permit tcp any host 170.100.1.1 eq telnet
> Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.
>
> After first telnet
>
> ts#sh access-lists 130
> Extended IP access list 130
> permit tcp any any eq bgp (9 matches)
> permit tcp any host 170.100.1.1 eq telnet (25 matches)
> Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.
> permit ip any any idle-time 5 min.
>
> Second telnet attempt
> r1#telnet 170.100.1.1
> Trying 170.100.1.1 ... Open
>
>
> User Access Verification
>
> Username: atul
> Password:
> List#130-firewall already contains this IP address pair
> [Connection to 170.100.1.1 closed by foreign host]
>
>
>
>
>
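An added example, not part of the original thread: a small audit of `show access-lists` text that reports each activated lock-and-key entry and flags those whose source is `any`, as in the "After first telnet" output quoted above, where the temporary entry admits every source rather than only the authenticated host. The function name and the rule for spotting a temporary entry (an `idle-time` or `time left` marker after a `Dynamic` line) are assumptions made for this sketch.

```python
import re

# Constructed sample: the "After first telnet" output quoted in the thread.
SAMPLE = """\
Extended IP access list 130
permit tcp any any eq bgp (9 matches)
permit tcp any host 170.100.1.1 eq telnet (25 matches)
Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.
permit ip any any idle-time 5 min.
"""

HEADER = re.compile(r"^Extended IP access list (\S+)")
DYNAMIC = re.compile(r"^Dynamic (\S+) ")
# Assumption: an activated temporary entry is a permit/deny line that follows
# a Dynamic template and carries an "idle-time" or "time left" marker.
TEMP = re.compile(
    r"^(permit|deny) (\S+) (any|host \S+|\S+ \S+) .*(idle-time|time left)"
)


def audit_lock_and_key(text):
    """Return one finding per activated dynamic (lock-and-key) entry."""
    findings, acl, template = [], None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted output
        header = HEADER.match(line)
        if header:
            acl, template = header.group(1), None
            continue
        dynamic = DYNAMIC.match(line)
        if dynamic:
            template = dynamic.group(1)
            continue
        temp = TEMP.match(line) if template else None
        if temp:
            source = temp.group(3)
            findings.append({
                "acl": acl,
                "template": template,
                "source": source,
                # True when the opening is not tied to one authenticated host
                "any_source": source == "any",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_lock_and_key(SAMPLE):
        print(finding)
```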



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:10 GMT-3