From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sat Nov 25 2006 - 06:21:41 ART
Here's a working configuration:
R1--(ins)--PIX--(out)--R2
R1-PIX = 130.1.19.0/24
R2-PIX = 130.1.239.0/24
-----
PIX:
username CISCO pass CISCO
access-list AUTH permit tcp any any eq 23
access-list OUTSIDE_ACL permit tcp any any eq 23
access-group OUTSIDE_ACL in inter outside
!
! a sample unused inside ip address
!
static (i,o) 130.1.19.100 130.1.19.100
aaa authentication match AUTH outside LOCAL
virtual telnet 130.1.19.100
R2:
!
! route inside network to PIX
!
ip route 130.1.19.0 255.255.255.0 130.1.239.9
-------------------------------------
R2#telnet 130.1.19.100
Trying 130.1.19.100 ... Open
LOGIN Authentication
Username: CISCO
Password:
Authentication Successful
[Connection to 130.1.19.100 closed by foreign host]
R2#telnet 130.1.19.100
Trying 130.1.19.100 ... Open
LOGOUT Authentication
Username: CISCO
Password:
Logout Successful
[Connection to 130.1.19.100 closed by foreign host]
HTH
2006/11/25, Lab Rat #109385382 <techlist01@gmail.com>:
>
> Does the PIX Virtual Telnet IP address have to be on the outside or
> perimeter interface? I could have sworn it worked before with an inside IP
> address, but it's not working for me now.
>
> I checked the Doc CD and it doesn't seem to imply that the IP must be on the
> outside/perimeter; only that, if it was, you must use a Static and ACL to
> allow users on those interfaces to initiate the connection.
>
> Anyone get it working using an inside IP address?
>
> Thanks,
>
> Ed
>
--
Petr Lapukhov, CCIE #16379
petr@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
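
An added example, not part of the original post: a small Python check that a PIX configuration contains the three pieces the configuration above combines for virtual telnet reached from the outside (identity static, inbound ACL permitting tcp/23, aaa authentication match). The function names are hypothetical, and the sample writes the post's shorthand "(i,o)" and "inter" out as "(inside,outside)" and "interface", which is an assumption about the intended keywords.

```python
import re

# Constructed sample: the PIX lines from the post above, with "(i,o)" and
# "inter" written out in full (assumed expansion) so one spelling is parsed.
SAMPLE_CONFIG = """\
username CISCO pass CISCO
access-list AUTH permit tcp any any eq 23
access-list OUTSIDE_ACL permit tcp any any eq 23
access-group OUTSIDE_ACL in interface outside
static (inside,outside) 130.1.19.100 130.1.19.100
aaa authentication match AUTH outside LOCAL
virtual telnet 130.1.19.100
"""

def acl_permits_telnet(config, acl_name):
    """True if the named ACL has a 'permit tcp ... eq 23' (or 'eq telnet') entry."""
    pat = rf"^access-list {re.escape(acl_name)} permit tcp .* eq (23|telnet)\s*$"
    return re.search(pat, config, re.M) is not None

def check_virtual_telnet(config, iface="outside"):
    """Return a list of missing pieces for virtual telnet reached via `iface`."""
    m = re.search(r"^virtual telnet (\S+)", config, re.M)
    if not m:
        return ["no 'virtual telnet' address configured"]
    problems = []
    vip = re.escape(m.group(1))
    # 1. Identity static (as in the post) so hosts on `iface` can reach the address.
    if not re.search(rf"^static \(\w+,{iface}\) {vip} {vip}\b", config, re.M):
        problems.append("no static translation for the virtual address")
    # 2. The ACL applied inbound on `iface` must permit tcp/23.
    ag = re.search(rf"^access-group (\S+) in interface {iface}\s*$", config, re.M)
    if not ag or not acl_permits_telnet(config, ag.group(1)):
        problems.append("inbound ACL does not permit telnet")
    # 3. An 'aaa authentication match' rule on `iface` whose ACL covers tcp/23.
    aaa = re.search(rf"^aaa authentication match (\S+) {iface} \S+", config, re.M)
    if not aaa or not acl_permits_telnet(config, aaa.group(1)):
        problems.append("no aaa authentication match rule covering telnet")
    return problems

if __name__ == "__main__":
    print(check_virtual_telnet(SAMPLE_CONFIG) or "all three pieces present")
```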