Kings/segun,
I think there is some confusion. The security level will not prevent telnet
as described; as such, the telnet ACL will allow this.
On the other hand, you cannot telnet through the ASA to another interface
though.
The same will apply to your VPN; it will not work. The sysopt conn
permit-vpn allows the adaptive security algorithm to permit the VPN
traffic to the ASA interface with the need for ACLs etc. It will not
permit the telnet.
My advice is: do not add traffic destined to the ASA as interesting
traffic in your VPN if the VPN is terminated directly on the ASA.
HTH
Stu
On 16 Oct 2009, at 05:34, Segun Daini <[email protected]> wrote:
Hi King,
You cannot telnet to the interface with the lowest security level on the ASA.
To telnet to the inside interface, create a static NAT of the IP to
outside, and permit access to it on the outside interface.
Regards
From: Kingsley Charles <[email protected]>
To: [email protected]
Sent: Fri, October 16, 2009 5:30:47 AM
Subject: [OSL | CCIE_Security] Telnet across IPSec connection
Hi all
I am trying to telnet from the IOS router which is the remote IPSec
peer to the outside and inside interface of the ASA. But the Telnet
fails.
The VPN tunnel is UP.
The following are configured:
sysopt connection permit-vpn
access-list mine permit ip any any
access-group mine in interface outside
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
What is preventing me from telnetting?
With regards
Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com