From: tom cheung (tkc9789@xxxxxxxxxxx)
Date: Sun Feb 03 2002 - 12:07:47 GMT-3
Atul,
L&K is typically used where, as in your case, TS acts as a 'firewall' which
allows validated users temporary access to other devices behind the
firewall. I wonder if you've tried telnet to other routers behind TS after
you've been validated by TS (the first telnet)?
>-----Original Message-----
>From: atul pawar [mailto:atulpawar@hotmail.com]
>Sent: 03 February 2002 14:37
>To: Robert.McCallum@let-it-be-thus.com; ccielab@groupstudy.com
>Subject: RE: lock and key access list problem
>
>
>I get the following results when I see the access list after getting bombed
>out in the first telnet
>
>
>Before first telnet
>
>ts#sh access-lists 130
>Extended IP access list 130
> permit tcp any any eq bgp (8 matches)
> permit tcp any host 170.100.1.1 eq telnet
> Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.
>
>After first telnet
>
>ts#sh access-lists 130
>Extended IP access list 130
> permit tcp any any eq bgp (9 matches)
> permit tcp any host 170.100.1.1 eq telnet (25 matches)
> Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.
> permit ip any any idle-time 5 min.
>
>Second telnet attempt
>r1#telnet 170.100.1.1
>Trying 170.100.1.1 ... Open
>
>
>User Access Verification
>
>Username: atul
>Password:
>List#130-firewall already contains this IP address pair
>[Connection to 170.100.1.1 closed by foreign host]
>
>
>
>
>
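
An audit of the listings quoted above, as an added example that is not part of the original thread: it separates the dynamic template from the temporary entry that appears after the first telnet and flags a temporary entry whose source is `any`. The function name, and the rule that an `idle-time` line following a `Dynamic` line is an active temporary entry, are assumptions of this example.

```python
import re

# Sample input: the "After first telnet" listing from the thread, quote marks removed.
AFTER_FIRST_TELNET = """\
Extended IP access list 130
 permit tcp any any eq bgp (9 matches)
 permit tcp any host 170.100.1.1 eq telnet (25 matches)
 Dynamic firewall Max. 100 mins. permit ip any any timeout 100 min.
 permit ip any any idle-time 5 min.
"""

# Template line: "Dynamic <name> [Max. N mins.] <rule> [timeout N min.]"
TEMPLATE = re.compile(r"^Dynamic (?P<name>\S+)(?: Max\. (?P<max>\d+) mins\.)? "
                      r"(?P<rule>(?:permit|deny) .+?)(?: timeout (?P<timeout>\d+) min\.)?$")
# Temporary entry: "<rule> idle-time N min." (assumed marker of an active entry)
ENTRY = re.compile(r"^(?P<rule>(?:permit|deny) (?P<proto>\S+) "
                   r"(?P<src>any|host \S+|\S+ \S+) .+?) idle-time (?P<idle>\d+) min\.$")

def audit_lock_and_key(show_output):
    """Return (templates, active temporary entries, findings) from 'sh access-lists' text."""
    templates, active, findings = [], [], []
    acl, in_dynamic = None, False
    for raw in show_output.splitlines():
        line = raw.strip()
        header = re.match(r"^Extended IP access list (\S+)$", line)
        if header:
            acl, in_dynamic = header.group(1), False
            continue
        t = TEMPLATE.match(line)
        if t:
            templates.append({"acl": acl, **t.groupdict()})
            in_dynamic = True
            continue
        e = ENTRY.match(line) if in_dynamic else None
        if e:
            active.append({"acl": acl, **e.groupdict()})
            if e.group("src") == "any":
                # The opened hole matches every source, not only the validated user.
                findings.append(f"ACL {acl}: temporary entry '{e.group('rule')}' "
                                "is not tied to the authenticated source address")
    return templates, active, findings

if __name__ == "__main__":
    for finding in audit_lock_and_key(AFTER_FIRST_TELNET)[2]:
        print(finding)
```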