RE: Dynamic acls and Telnet

From: Tu Nguyen (tunguyen@juniper.net)
Date: Tue Oct 15 2002 - 15:11:10 GMT-3

• Next message: Bülent Sahin: "RE: My Turn #10471 in Brussels"
• Previous message: Sam.MicroGate@usa.telekom.de: "RE: List"
• Maybe in reply to: Alberto Garcia: "Dynamic acls and Telnet"
• Next in thread: Tim Fletcher: "Re: Dynamic acls and Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Alberto,

You may want to narrow it down to user base and not line base, your setting will apply to everyone who telneting into the router.

Ex:

username cisco autocommand access-enable >> this will only applied on a user basis.

Tu

-----Original Message-----
From: Alberto Garcia [mailto:alberto.garcia@telindus.es]
Sent: Tuesday, October 15, 2002 9:35 AM
To: ccielab@groupstudy.com
Subject: Dynamic acls and Telnet

Hy group!

        Does anybody know, why when you use dynamic acl you can't do a
telnet to the equipment? And if does it exist anyway to correct this?

        I have the next configuration:

        interface ethernet 0/0
                ip access-group 130 in
        !
        access-list 130 dynamic firewall timeout 2 permit tcp host
192.138.1.1 host 192.138.3.3 eq telnet
        access-list 130 deny tcp any host 192.138.3.3 eq telnet
        access-list 130 permit ip any any
        !
        line vty 0 4
                password cisco
                login
                autocommand access-enable host timeout 1
        
        And whe you try to telnet though any interface you always receive
the next message after the authentication:

        Password:
        List#130-firewall already contains this IP address pair
        [Connection to 192.138.2.2 closed by foreign host]

        Thank you very much!!!

Alberto Garcma Casas
Customer Service
----------------------------------------------------------------------------
----------
Telindus
Plaza Ciudad de Viena, 6 2*Planta
Torre Metropolitana
E-28040 Madrid
----------------------------------------------------------------------------
----------
<mailto:alga@telindus.es>
tel: +34 91 456 00 08
fax: +34 91 536 10 74
direct line: +34 91 203 28 42
mobile: +34 680 40 18 76
----------------------------------------------------------------------------
----------
For more information about our products and services,
please visit our website: <http://www.telindus.es>
----------------------------------------------------------------------------
----------
Secure connectivity & mobility

>>>
29th Telindus International Symposium
Thursday, October 24, 2002
Brussel Expo, Brussels, Belgium

Meet over 2.000 business & ICT professionals for an in-depth networking
update at Telindus' 29th International Symposium.

Check out the programme, partners, workshops and register now for free:
http://www.telindussymposium.com
<<<

• Next message: Bülent Sahin: "RE: My Turn #10471 in Brussels"
• Previous message: Sam.MicroGate@usa.telekom.de: "RE: List"
• Maybe in reply to: Alberto Garcia: "Dynamic acls and Telnet"
• Next in thread: Tim Fletcher: "Re: Dynamic acls and Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:47 GMT-3