All,
I've been breaking my head on this one for a while, and frankly I'm just
out of ideas on how to get this to work. Please see if you have seen this
done before, or if it's just impossible to do.
I have a telnet server on the inside of the network with the IP address of
192.168.41.160. I want to allow users from the outside to telnet to this
server, but they must be source NAT'd to a dynamic range I have chosen so
that I can monitor and authenticate each user that is telnetting to this
server from the outside. So, I've created a Virtual Telnet on the ASA, and
I can get the users to authenticate to the ASA virtual telnet server, but I
cannot get the users to hit a dynamic NAT and reach the internal telnet
server... When a user authenticates, their session just dies.
Any help.... I can attach a Visio, and below are some of the configurations
I've done without any luck other than what is posted above.
1). ASA(config)# virtual telnet 66.236.14.229
2). ASA(config)# access-list CT-DYN-POLICY-NAT extended permit tcp any gt 1024 host 66.236.14.229 eq telnet
3). ASA(config)# static (inside,outside) 66.236.14.229 192.168.41.9 netmask 255.255.255.255
4). ASA(config)# access-list CT-PROXY-AUTH extended permit tcp any host 66.234.14.229 eq telnet
5). ASA(config)# aaa authentication match CT-PROXY-AUTH outside LOCAL
6). ASA(config)# nat (outside) 1 access-list CT-DYN-POLICY-NAT
    ASA(config)# global (inside) 1 66.236.14.229
    ASA(config)# global (inside) 1 192.168.41.150-192.168.41.160
Thanks,
Joe Sanchez
Received on Mon Jul 30 2012 - 16:18:27 ART
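
Added example, not part of the original message: a Python consistency check that cross-references the addresses used in the posted commands (pre-8.3 ASA syntax) against each other and against the server address 192.168.41.160 given in the message text. The function name `check` and the three checks chosen are assumptions made for this example, and the ACL parsing is simplified to the forms that appear in the post.

```python
import ipaddress
import re

# Commands as posted in the message above, with wrapped lines joined.
POSTED = """\
virtual telnet 66.236.14.229
access-list CT-DYN-POLICY-NAT extended permit tcp any gt 1024 host 66.236.14.229 eq telnet
static (inside,outside) 66.236.14.229 192.168.41.9 netmask 255.255.255.255
access-list CT-PROXY-AUTH extended permit tcp any host 66.234.14.229 eq telnet
aaa authentication match CT-PROXY-AUTH outside LOCAL
nat (outside) 1 access-list CT-DYN-POLICY-NAT
global (inside) 1 66.236.14.229
global (inside) 1 192.168.41.150-192.168.41.160
"""

def check(config, server):
    """Return cross-reference findings (hypothetical helper for this example)."""
    findings = []
    vt = re.search(r"^virtual telnet (\S+)", config, re.M)
    acl_dst = {}  # ACL name -> destination hosts (last "host X" of each entry)
    for name, rest in re.findall(r"^access-list (\S+) extended permit (.*)$", config, re.M):
        hosts = re.findall(r"host (\S+)", rest)
        if hosts:
            acl_dst.setdefault(name, set()).add(hosts[-1])
    # The ACL referenced by AAA should name the virtual telnet address.
    for acl in re.findall(r"^aaa authentication match (\S+)", config, re.M):
        if vt and vt.group(1) not in acl_dst.get(acl, set()):
            findings.append(f"AAA ACL {acl} does not name virtual telnet address {vt.group(1)}")
    # The static translation should point at the server the text describes.
    for mapped, real in re.findall(r"^static \(\S+\) (\S+) (\S+)", config, re.M):
        if real != server:
            findings.append(f"static maps {mapped} to {real}, not to server {server}")
    # A source-NAT pool should not hand out the server's own address.
    for pool in re.findall(r"^global \(\S+\) \d+ (\S+)", config, re.M):
        lo, _, hi = pool.partition("-")
        lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
        if lo_ip <= ipaddress.ip_address(server) <= hi_ip:
            findings.append(f"global pool {pool} contains the server address {server}")
    return findings

if __name__ == "__main__":
    for finding in check(POSTED, "192.168.41.160"):
        print(finding)
```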