[c-nsp] Telnet to Pix via VPN

David White, Jr. (dwhitejr) dwhitejr at cisco.com
Sun Feb 7 10:05:09 EST 2010


Hi David,

It sounds like you are running into CSCsj53102.  What version are you
running on your 8.0 devices?

Sincerely,

David.

David Coulson wrote:
> I have a number of ASAs and Pix devices with interconnected VPNs. From
> each LAN I can telnet into the local device, however on both an
> ASA5510 and Pix515 running 8.0 I am unable to telnet into the device
> from across a VPN. An older Pix501 running 6.3 will allow me. I can
> ping across the VPNs to each device.
>
> In all cases 'management-access inside' is enabled and the appropriate
> remote subnet is in a 'telnet x.x.x.x y.y.y.y' statement. The telnet
> client thinks the connection is open, but I don't get a login prompt.
>
> Log output when I attempt to telnet to the 515 - Not sure I understand
> the TCP intercept part of this. Maybe that is the smoking gun.
>
> Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 367
> for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
> Ifc:172.16.5.1/23 (172.16.5.1/23)
> Feb 06 2010 21:36:13: %PIX-6-302014: Teardown TCP connection 367 for
> outside:172.17.6.102/3158 to NP Identity Ifc:172.16.5.1/23 duration
> 0:00:00 bytes 0 Flow terminated by TCP Intercept
> Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 368
> for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
> Ifc:172.16.5.1/23 (172.16.5.1/23)
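
Added example (not part of the original thread and not Cisco tooling): a Python check that takes the syslog lines exactly as quoted above, still '>'-quoted and wrapped by the mail client, rejoins them, and reports connections to the firewall's own address (logged as NP Identity Ifc) that were torn down with 0 bytes by TCP Intercept and then rebuilt from the same source port. The function names and the `rebuilt_as` field are assumptions made for this example.

```python
import re

# The three syslog messages from the quoted post, still '>'-quoted and wrapped.
QUOTED_LOG = """\
> Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 367
> for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
> Ifc:172.16.5.1/23 (172.16.5.1/23)
> Feb 06 2010 21:36:13: %PIX-6-302014: Teardown TCP connection 367 for
> outside:172.17.6.102/3158 to NP Identity Ifc:172.16.5.1/23 duration
> 0:00:00 bytes 0 Flow terminated by TCP Intercept
> Feb 06 2010 21:36:13: %PIX-6-302013: Built inbound TCP connection 368
> for outside:172.17.6.102/3158 (172.17.6.102/3158) to NP Identity
> Ifc:172.16.5.1/23 (172.16.5.1/23)
"""

TS = re.compile(r"[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}: ")
BUILT = re.compile(r"-6-302013: Built \w+ TCP connection (\d+) for "
                   r"(\S+?):(\S+)/(\d+) \(\S+\) to (.+?):(\S+)/(\d+) \(")
TEARDOWN = re.compile(r"-6-302014: Teardown TCP connection (\d+) for .+? "
                      r"duration \S+ bytes (\d+)\s*(.*)$")

def unwrap(text):
    """Strip '>' quoting and rejoin messages wrapped by the mail client."""
    messages = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if line and (TS.match(line) or not messages):
            messages.append(line)      # a timestamp starts a new message
        elif line:
            messages[-1] += " " + line  # continuation of the previous one
    return messages

def intercepted_to_box(text):
    """Zero-byte connections to the firewall itself ended by TCP Intercept."""
    built, hits = {}, []
    for msg in unwrap(text):
        if m := BUILT.search(msg):
            conn, *flow = m.groups()  # flow: src if/ip/port, dst if/ip/port
            built[conn] = tuple(flow)
            for hit in hits:  # same flow rebuilt after the teardown
                if hit["flow"] == tuple(flow) and "rebuilt_as" not in hit:
                    hit["rebuilt_as"] = int(conn)
        elif m := TEARDOWN.search(msg):
            conn, nbytes, reason = m.groups()
            flow = built.pop(conn, None)
            if (flow and flow[3] == "NP Identity Ifc" and nbytes == "0"
                    and "TCP Intercept" in reason):
                hits.append({"conn": int(conn), "flow": flow, "reason": reason})
    return hits
```

Calling `intercepted_to_box(QUOTED_LOG)` returns one entry, for connection 367 to 172.16.5.1 port 23, with `rebuilt_as` set to 368.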