A good way of troubleshooting is always to try different things even though
they might not seem logical as a solution. When it works, you can always sit
down and figure out why what you did worked, and fine-polish your configuration.

First of all, I would try to use the inside address of the mgmt st. so you
have the one closest to your PIX. If that works, you can always troubleshoot
the path between the outside and the inside address of your mgmt st.

Second, I would try to allow traffic for the same ports the reversed way
too. For example, you have from x.x.x.x to y.y.y.y, but try to add from
y.y.y.y to x.x.x.x.

Just keep trying, even if it means that you have to open up for ALL traffic (you
might want to disconnect the outside world while doing that) just to see if
the access lists are causing the problem or not.

Hth,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.oledrews.com/ccnp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: Vasudeva Venkateshaiah [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 3:11 PM
To: 'Rik Guyler'; [EMAIL PROTECTED]
Subject: RE: TFTP from inside..
Hi...
I do have the following conduit statements in the config..
conduit permit tcp host x.x.x.x eq 69 host y.y.y.y
conduit permit udp host x.x.x.x eq tftp host y.y.y.y
Where x.x.x.x represents the outside address of the mgmt station (the
registered address) and y.y.y.y represents the inside interface (Ethernet)
of the router.
But still it doesn't work..
-----Original Message-----
From: Rik Guyler [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 12:51 PM
To: [EMAIL PROTECTED]
Cc: Vasudeva Venkateshaiah
Subject: RE: TFTP from inside..
Well, you probably don't have the correct UDP port open for TFTP to come
into the network from the router. Open UDP port 63 (I think) from the
outside to the inside interface for TFTP from the router to the mgmt
station. Do this with the following:
conduit permit udp x.x.x.x 255.255.255.255 eq 63 z.z.z.z 255.255.255.255
Where x.x.x.x represents the outside address of the mgmt station (the
registered address) and z.z.z.z represents the inside interface (Ethernet)
of the router. This will allow TFTP from the router to the address of the
mgmt station, which will get translated as it passes through the PIX.
As for telnet, that should work as you are going from a higher security
interface to a lower one. Check that you have "login" and a password
created under the "lines vty 0 4" section of the router config.
If not, do this:
enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 4
Switch(config-line)#login
Switch(config-line)#password cisco (or whatever you want)
Switch(config-line)#^Z
Switch#
Switch#wr mem
Doing this will help you if the problem is a denial of telnet from the
router. If the PIX is blocking your telnet, then you should post a CLEANSED
config of the PIX so you can get help modifying it for the telnet
connection.
Hope this helps!
Rik
-----Original Message-----
From: Vasudeva Venkateshaiah [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 3:19 PM
To: '[EMAIL PROTECTED]'
Subject: TFTP from inside..
Hi,
I have my management station behind the PIX and the TFTP server is running
on that machine. I am not able to do a TFTP of the config-file of the router
which is connected to internet. I can do so for the PIX.
I have a static mapping for the mgmt station to have a valid ip address. I
also cannot do a telnet to the Router from the machine. Am I missing
something here?
Mgmt station------PIX------------Router------Internet.
Any help would be great.
Thanks
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]