Hi King,

I think I didn't get your question correctly initially.

Through VPN tunnel, yes. And I think my second comment applies to virtual telnet. I'll need to re-check. It's somewhere in the WB.

Regards.

________________________________
From: Kingsley Charles <[email protected]>
To: 'Segun Daini <[email protected]>
Cc: [email protected]
Sent: Fri, October 16, 2009 6:22:16 AM
Subject: Re: [OSL | CCIE_Security] Telnet across IPSec connection

Hi Segun

I am able to telnet but with the ASA outside interface included in the interesting traffic of the VPN. But still I am not able to access the inside interface across IPSec VPN. I am not sure if telnet is allowed across ASA to another interface.

With regards
Kings

On Fri, Oct 16, 2009 at 10:42 AM, Kingsley Charles <[email protected]> wrote:

> Hi Segun
>
> My comments inline.
>
> With regards
> Kings
>
> On Fri, Oct 16, 2009 at 10:04 AM, 'Segun Daini <[email protected]> wrote:
>
>> Hi King,
>>
>> You cannot telnet to the interface with lowest security level on ASA.
>
> <kings> sysopt connection permit-vpn should take care of it right?
>
>> To telnet to the inside interface, create a static nat of the ip to outside.
>> And permit access to it on the outside interface.
>
> <kings> If I configure static, the mapped IP should also be interesting
> traffic of the IPSec VPN, if I need to access inside through VPN. With VPN, I
> get the access to the inside network without the need of static right? Then to
> access the inside interface, is static rule necessary?
>
>> Regards
>>
>> ________________________________
>> From: Kingsley Charles <[email protected]>
>> To: [email protected]
>> Sent: Fri, October 16, 2009 5:30:47 AM
>> Subject: [OSL | CCIE_Security] Telnet across IPSec connection
>>
>> Hi all
>>
>> I am trying to telnet from the IOS router which is the remote IPSec peer to
>> the outside and inside interface of the ASA. But the Telnet fails.
>>
>> The VPN tunnel is UP.
>>
>> The following are configured:
>>
>> sysopt connection permit-vpn
>>
>> access-list mine permit ip any any
>> access-group mine in interface outside
>>
>> telnet 0.0.0.0 0.0.0.0 outside
>> telnet 0.0.0.0 0.0.0.0 inside
>>
>> What is preventing me from telnetting?
>>
>> With regards
>> Kings
