RE: Dynamic acls and Telnet

From: Sam.MicroGate@usa.telekom.de
Date: Tue Oct 15 2002 - 14:12:31 GMT-3

• Next message: syv: "Re: Dialer watch"
• Previous message: Alberto Garcia: "Dynamic acls and Telnet"
• Maybe in reply to: Alberto Garcia: "Dynamic acls and Telnet"
• Next in thread: Tu Nguyen: "RE: Dynamic acls and Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Alberto,

You have the correct configurations. After entering the username and the
password from the outside router the connection will be closed. Then try to
telnet to the host in the inside directly (the inside network in your
scenario is 192.138.1.1) You should have access now.
The point is you cannot telnet directly to the inside. You telnet to the
edge router first. Then a dynamic entry will be created in the edge router
and your connection will be disconnected. When telnet to the inside from the
outside, you will be using a dynamic, timed access list.

Sam

-----Original Message-----
From: Alberto Garcia [mailto:alberto.garcia@telindus.es]
Sent: Tuesday, October 15, 2002 12:35 PM
To: ccielab@groupstudy.com
Subject: Dynamic acls and Telnet

Hy group!

        Does anybody know, why when you use dynamic acl you can't do a
telnet to the equipment? And if does it exist anyway to correct this?

        I have the next configuration:

        interface ethernet 0/0
                ip access-group 130 in
        !
        access-list 130 dynamic firewall timeout 2 permit tcp host
192.138.1.1 host 192.138.3.3 eq telnet
        access-list 130 deny tcp any host 192.138.3.3 eq telnet
        access-list 130 permit ip any any
        !
        line vty 0 4
                password cisco
                login
                autocommand access-enable host timeout 1
        
        And whe you try to telnet though any interface you always receive
the next message after the authentication:

        Password:
        List#130-firewall already contains this IP address pair
        [Connection to 192.138.2.2 closed by foreign host]

        Thank you very much!!!

Alberto Garcma Casas
Customer Service
----------------------------------------------------------------------------
----------
Telindus
Plaza Ciudad de Viena, 6 2*Planta
Torre Metropolitana
E-28040 Madrid
----------------------------------------------------------------------------
----------
<mailto:alga@telindus.es>
tel: +34 91 456 00 08
fax: +34 91 536 10 74
direct line: +34 91 203 28 42
mobile: +34 680 40 18 76
----------------------------------------------------------------------------
----------
For more information about our products and services,
please visit our website: <http://www.telindus.es>
----------------------------------------------------------------------------
----------
Secure connectivity & mobility

>>>
29th Telindus International Symposium
Thursday, October 24, 2002
Brussel Expo, Brussels, Belgium

Meet over 2.000 business & ICT professionals for an in-depth networking
update at Telindus' 29th International Symposium.

Check out the programme, partners, workshops and register now for free:
http://www.telindussymposium.com
<<<

• Next message: syv: "Re: Dialer watch"
• Previous message: Alberto Garcia: "Dynamic acls and Telnet"
• Maybe in reply to: Alberto Garcia: "Dynamic acls and Telnet"
• Next in thread: Tu Nguyen: "RE: Dynamic acls and Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:47 GMT-3