Telnet

Discussion in 'Cisco' started by paul tomlinson, Apr 22, 2004.

  1. Guys, I've set up VPN between three sites - but I'm having problems
    telnetting to a server in one of the remote sites - I can send pings but
    not telnet (to an AS400, so port 23). The AS400 is on the 10.1.1.0 network.

    Anyone got any ideas?

    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    no names
    access-list out-acl permit icmp any any echo-reply
    access-list out-acl permit icmp any any unreachable
    access-list out-acl permit icmp any any time-exceeded
    access-list out-acl permit icmp any any source-quench
    access-list out-acl permit icmp any any parameter-problem
    access-list out-acl permit tcp any any eq ssh
    access-list out-acl permit tcp any any eq pcanywhere-data
    access-list out-acl permit tcp any any eq 5632
    access-list out-acl permit tcp any any eq telnet
    access-list nonat permit ip 10.5.1.0 255.255.255.0 host 192.65.144.190
    access-list nonat permit ip 10.5.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list nonat permit ip 10.5.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list nonat permit ip 10.5.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list londonvpn permit ip 10.5.1.0 255.255.255.0 host 192.65.144.190
    access-list londonvpn permit ip 10.5.1.0 255.255.255.0 host 192.168.2.1
    access-list londonvpn permit ip 10.5.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list us-vpn permit ip 10.5.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list us-vpn permit tcp 10.5.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq telnet
    pager lines 24
    logging on
    logging monitor debugging
    mtu outside 1500
    mtu inside 1500
    ip address outside xxx.xxx.xxx.xxx 255.255.255.248
    ip address inside 10.5.1.10 255.255.255.0
    ip verify reverse-path interface outside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool pptp-pool 192.168.1.1-192.168.1.50
    ip local pool pptp-pool1 192.168.2.1-192.168.2.50
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    access-group out-acl in interface outside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx2 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 50 set transform-set 3des-sha
    crypto map corpvpn 2 ipsec-isakmp
    crypto map corpvpn 2 match address londonvpn
    crypto map corpvpn 2 set peer yyy.yyy.yyy.yyy
    crypto map corpvpn 2 set transform-set 3des-sha
    crypto map corpvpn 20 ipsec-isakmp
    crypto map corpvpn 20 match address us-vpn
    crypto map corpvpn 20 set peer zzz.zzz.zzz.zzz
    crypto map corpvpn 20 set transform-set 3des-sha
    crypto map corpvpn interface outside
    isakmp enable outside
    isakmp key ******** address yyy.yyy.yyy.yyy netmask 255.255.255.255
    isakmp key ******** address zzz.zzz.zzz.zzz netmask 255.255.255.255
    isakmp identity address
    isakmp nat-traversal 20
    isakmp policy 5 authentication pre-share
    isakmp policy 5 encryption 3des
    isakmp policy 5 hash sha
    isakmp policy 5 group 2
    isakmp policy 5 lifetime 3600
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    vpdn group 1 accept dialin pptp
    vpdn group 1 ppp authentication pap
    vpdn group 1 ppp authentication chap
    vpdn group 1 ppp authentication mschap
    vpdn group 1 ppp encryption mppe auto
    vpdn group 1 client configuration address local pptp-pool1
    vpdn group 1 pptp echo 60
    vpdn group 1 client authentication local
    vpdn username remote password ********
    vpdn enable outside
    terminal width 80
     
    paul tomlinson, Apr 22, 2004