[c-nsp] Telnet to Pix via VPN
David Coulson
david at davidcoulson.net
Sat Feb 6 21:38:17 EST 2010

I have a number of ASAs and Pix devices with interconnected VPNs. From
each LAN I can telnet into the local device, however on both an ASA5510
and Pix515 running 8.0 I am unable to telnet into the device from across
a VPN. An older Pix501 running 6.3 will allow me. I can ping across the
VPNs to each device.

In all cases 'management-access inside' is enabled and the appropriate
remote subnet is in a 'telnet x.x.x.x y.y.y.y' statement. The telnet
client thinks the connection is open, but I don't get a login prompt.

Log output when I attempt to telnet to the 515 - Not sure I understand
the TCP intercept part of this. Maybe that is the smoking gun.

Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 367
for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
Ifc:172.16.5.1/23 (172.16.5.1/23)
Feb 06 2010 21:36:13: %PIX-6-302014: Teardown TCP connection 367 for
outside:172.17.6.102/3158 to NP Identity Ifc:172.16.5.1/23 duration
0:00:00 bytes 0 Flow terminated by TCP Intercept
Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 368
for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
Ifc:172.16.5.1/23 (172.16.5.1/23)
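
Added example, not part of the original post: a small Python correlator that rejoins the wrapped 302013/302014 messages above, pairs them by connection id, and lists to-the-box connections that were torn down by TCP Intercept with zero bytes. The function names are hypothetical, and treating "NP Identity Ifc" as the firewall's own address is an assumption of this example.

```python
import re

# The three messages from the post, wrapped exactly as the e-mail shows them.
SAMPLE = """\
Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 367
for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
Ifc:172.16.5.1/23 (172.16.5.1/23)
Feb 06 2010 21:36:13: %PIX-6-302014: Teardown TCP connection 367 for
outside:172.17.6.102/3158 to NP Identity Ifc:172.16.5.1/23 duration
0:00:00 bytes 0 Flow terminated by TCP Intercept
Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 368
for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
Ifc:172.16.5.1/23 (172.16.5.1/23)
"""

START = re.compile(r"^\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}: %(?:PIX|ASA)-\d-\d{6}: ")
BUILT = re.compile(r"-302013: Built (\w+) TCP connection (\d+) for "
                   r"(\S+?):(\S+)/(\d+) \(.*?\) to (.+?):(\S+)/(\d+) ")
TEARDOWN = re.compile(r"-302014: Teardown TCP connection (\d+) for .* "
                      r"duration (\S+) bytes (\d+)(?: (.*))?$")

def unwrap(text):
    """Rejoin messages that a mail client wrapped across several lines."""
    msgs = []
    for line in text.splitlines():
        if START.match(line) or not msgs:
            msgs.append(line.strip())
        elif line.strip():
            msgs[-1] += " " + line.strip()
    return msgs

def correlate(text):
    """Pair Built/Teardown by connection id; return one dict per connection."""
    conns = {}
    for msg in unwrap(text):
        if m := BUILT.search(msg):
            conns[m[2]] = {"id": m[2], "src": f"{m[4]}/{m[5]}", "to_if": m[6],
                           "dst": f"{m[7]}/{m[8]}", "bytes": None, "reason": None}
        elif (m := TEARDOWN.search(msg)) and m[1] in conns:
            conns[m[1]].update(bytes=int(m[3]), reason=m[4] or "")
    return list(conns.values())

def intercepted_mgmt(conns):
    """Connections to the box itself that TCP Intercept ended with 0 bytes."""
    return [c for c in conns if c["to_if"] == "NP Identity Ifc"
            and c["bytes"] == 0 and "TCP Intercept" in (c["reason"] or "")]

if __name__ == "__main__":
    for c in intercepted_mgmt(correlate(SAMPLE)):
        print(c["id"], c["src"], "->", c["dst"], c["reason"])
```

Connection 368 has no teardown line in the excerpt, so it is reported with no byte count or reason rather than being flagged.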