Yes.Please add this access-list out extended permit tcp any interface OUTSIDE 
eq telnet

 

 

Samarth Chidanand

Sr Instructor / Developer – IPexpert

CCIE #18535 (R&S, Security)

CCSI #34585

 

 

 

From: Tarik Admani [mailto:[email protected]] 
Sent: Wednesday, May 29, 2013 8:52 AM
To: Samarth Chidanand; 'IPX Forums'
Subject: Re: [OSL | CCIE_Security] WB1 Lab 4 Task 20

 

Thanks for the response, I assume i would need to add the ACL so that traffic 
can be redirected? 

access-list <name> permit tcp any host 45.45.45.10 eq telnet, then apply this 
acl to the interface.

Thanks.
Tarik

 

 

  _____  

From: Samarth Chidanand <[email protected]>
To: 'Tarik Admani' <[email protected]>; 'IPX Forums' 
<[email protected]> 
Sent: Tuesday, May 28, 2013 9:56 PM
Subject: RE: [OSL | CCIE_Security] WB1 Lab 4 Task 20

 

Hi Tarik,

 

You cant enable telnet on the outside interface because it has a security level 
of 0, unless it is protected by IPSec. You don’t need to do that.

 

 

Samarth Chidanand

Sr Instructor / Developer – IPexpert

CCIE #18535 (R&S, Security)

CCSI #34585

 

 

 

From: [email protected] 
[mailto:[email protected]] On Behalf Of Tarik Admani
Sent: Wednesday, May 29, 2013 6:15 AM
To: IPX Forums
Subject: [OSL | CCIE_Security] WB1 Lab 4 Task 20

 

Hi,

The following section involves configuring static pat on ASA-1 so that all 
telnet requests to the outside interface on the ASA are redirected to a 
loopback on R7.

After cross-referencing the DSG I had to add an acl which would allow telnet 
traffic to the outside interface so that it can be redirected to R7's loopback. 

The DSG doesnt mention this but then goes through the verification steps. I 
tried to enable telnet access (telnet 0 0 outside), however the static PAT 
would fail to download policy.

I just wanted to make sure if that is the proper approach and that I am not 
doing this incorrectly.

Thanks,
Tarik

 

 

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to