Yes.Please add this access-list out extended permit tcp any interface OUTSIDE eq telnet
Samarth Chidanand Sr Instructor / Developer – IPexpert CCIE #18535 (R&S, Security) CCSI #34585 From: Tarik Admani [mailto:[email protected]] Sent: Wednesday, May 29, 2013 8:52 AM To: Samarth Chidanand; 'IPX Forums' Subject: Re: [OSL | CCIE_Security] WB1 Lab 4 Task 20 Thanks for the response, I assume i would need to add the ACL so that traffic can be redirected? access-list <name> permit tcp any host 45.45.45.10 eq telnet, then apply this acl to the interface. Thanks. Tarik _____ From: Samarth Chidanand <[email protected]> To: 'Tarik Admani' <[email protected]>; 'IPX Forums' <[email protected]> Sent: Tuesday, May 28, 2013 9:56 PM Subject: RE: [OSL | CCIE_Security] WB1 Lab 4 Task 20 Hi Tarik, You cant enable telnet on the outside interface because it has a security level of 0, unless it is protected by IPSec. You don’t need to do that. Samarth Chidanand Sr Instructor / Developer – IPexpert CCIE #18535 (R&S, Security) CCSI #34585 From: [email protected] [mailto:[email protected]] On Behalf Of Tarik Admani Sent: Wednesday, May 29, 2013 6:15 AM To: IPX Forums Subject: [OSL | CCIE_Security] WB1 Lab 4 Task 20 Hi, The following section involves configuring static pat on ASA-1 so that all telnet requests to the outside interface on the ASA are redirected to a loopback on R7. After cross-referencing the DSG I had to add an acl which would allow telnet traffic to the outside interface so that it can be redirected to R7's loopback. The DSG doesnt mention this but then goes through the verification steps. I tried to enable telnet access (telnet 0 0 outside), however the static PAT would fail to download policy. I just wanted to make sure if that is the proper approach and that I am not doing this incorrectly. Thanks, Tarik
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
