Sadikhov IT Certification forums
rohitverma4u

[PIX]no telnet from outside to dmz with static in place

Hi,

Router ------------------ (out) PIX (dmz) ------------------ router
  .2      192.168.1.0      .1         .1      172.16.1.0      .2


static (dmz,outside) 192.168.1.11 172.16.1.2 netmask 255.255.255.255
access-list ACLIN extended permit tcp host 192.168.1.2 host 192.168.1.11 eq 23
access-group ACLIN in interface outside

The problem is I am not able to telnet from outside to the DMZ host. The error comes as remote host does not reply, but the weird part is that the hit count is incremented by one every time I make a telnet request. The moment I disable IP routing on the DMZ host and configure a default-gateway, everything works fine.
Am I missing something here? Because configuring a default-gateway doesn't make sense at all.

Telnet is disabled to the outside interface of the firewall by default. You can't enable it. Try SSH.

Probably you have some wrong routing entry on the DMZ host - please post the routing table, and we'll see what we can do :)

Hi,

I agree with marexx, do you have a route to 192.168.1.0/xx pointing to 172.16.1.1? Or a default route with the same exit point?

Cheers

Cromac
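
The return-path check the last two replies ask for, as an added example that is not part of the thread: it models the DMZ router's effective routing table and reports where the reply to 192.168.1.2 would go. It assumes the DMZ host is a Cisco IOS router (where `ip default-gateway` only takes effect while IP routing is disabled), that both networks are /24, and it uses constructed configurations, including the hypothetical next hop 172.16.1.254.

```python
import ipaddress

FIREWALL_DMZ = "172.16.1.1"   # PIX dmz interface, from the diagram
CLIENT = "192.168.1.2"        # outside router permitted by ACLIN

def effective_routes(cfg):
    """Routes the DMZ router actually uses (assumed Cisco IOS behaviour)."""
    routes = [(cfg["connected"], None)]            # None = directly attached
    if cfg["ip_routing"]:
        routes += cfg.get("static", [])            # ip default-gateway is ignored here
    elif cfg.get("default_gateway"):
        routes.append(("0.0.0.0/0", cfg["default_gateway"]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or 'no-route'."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else "no-route"

def return_path(cfg):
    """Classify where the reply to the outside client would be sent."""
    hop = lookup(effective_routes(cfg), CLIENT)
    if hop == "no-route":
        return "no-route"      # SYN passed the ACL (hit count +1), reply is dropped
    return "ok" if hop == FIREWALL_DMZ else "bypasses-firewall"

# Constructed configurations; the /24 masks are assumptions.
BASE = {"connected": "172.16.1.0/24", "default_gateway": FIREWALL_DMZ}
CASES = {
    "routing on, gateway only": dict(BASE, ip_routing=True),
    "routing off, gateway only": dict(BASE, ip_routing=False),
    "routing on, static to outside net": dict(
        BASE, ip_routing=True, static=[("192.168.1.0/24", FIREWALL_DMZ)]),
    "routing on, static default": dict(
        BASE, ip_routing=True, static=[("0.0.0.0/0", FIREWALL_DMZ)]),
    "routing on, wrong next hop": dict(
        BASE, ip_routing=True,
        static=[("0.0.0.0/0", FIREWALL_DMZ), ("192.168.1.0/24", "172.16.1.254")]),
}

if __name__ == "__main__":
    for name, cfg in CASES.items():
        print(f"{name:36s} {return_path(cfg)}")
```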
