Solved

Virtual telnet on a pix 515e

Posted on 2006-06-10
16
538 Views
Last Modified: 2013-11-15
Hi,
I have a pix 515e with a vpn setup.
the vpn works just fine.
the problem is that when I connect to the vpn, I am not able to use CRT (telnet program).
I believe that this is do to not being able to auth through the pix.
I read about virtual telnet but not sure if this will work or how to set it up.
is this the right way to do this or is there a better way?
the box that I am connecting to is red hat.
Al
0
Comment
Question by:lacroix_al
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 3
16 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16880942
If the VPN works, then you should be able to telnet to the redhat box with no problem.
Check the default gateway on the Redhat system.
Virtual telnet won't do you any good from the VPN
If you want to post the PIX config, I might be able to see something that can be changed to help your situation.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16880962
Can you telnet to the RedHat box when local to the location of this server?  The most recent distributions of RedHat do not install telnet by default, they use SSH instead.

On the RedHat box do you have iptables setup as a firewall?  Does it allow the IP addresses in the VPN range to inbound?
0
 

Author Comment

by:lacroix_al
ID: 16881322
Irmoore
I will look at the defaulf gateway.
Why did you write that virtual telnet won't do me any good?
isn't virtual telnet used to auth the service?

giltjr
I can telnet to the red hat box from inside the network.
I didn't setup the red hat box.
where would I look for the iptable?
That would make sence being that the VPN addresses are dif.

Thanks
Al
0
Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

 
LVL 79

Expert Comment

by:lrmoore
ID: 16881387
When you VPN in, you bypass all the access-lists, statics, etc that are required for virtual telnet sessions.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16881823
Are you the now current admin for the RedHat box?
0
 

Author Comment

by:lacroix_al
ID: 16882300
irmoore
so what you are saying is that once connected to the vpn, everything should work as if sitting at a PC on the lan but slower. yes?

giltjr
yes, I am the current red hat admin.
I have just taken over the network but I know little about red hat.

Al
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 250 total points
ID: 16882311
Yes, exactly. You are just another node on the network, albeit with a different subnet IP address.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 16882384
Here is a How to for iptables:

http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html

But to start with logon as root (or su or do sudo) and enter:

     /sbin/iptables -L

The output should show you what filters you have setup, if any.
0
 

Author Comment

by:lacroix_al
ID: 16886088
irmoore
thanks

giltjr
I'll go try this

thanks
Al
0
 

Author Comment

by:lacroix_al
ID: 16898220
Ok
so I just got the username and password to get into the box.
it turns out that it is a SCO unix box.
does this change anything or everything?
AL
0
 

Author Comment

by:lacroix_al
ID: 16898586
Ok
I used ifconfig -a
output
net1 192.168.254.100 netmask ffffff00 broadcast 192.168.254.255

I don't see that the default gateway is set.
is there another command that will work?
Al
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16899208
Yes, SCO Unix makes a difference.  I am not really familure with SCO Unix, so I am not sure what type of IP filtering it uses.  It may have iptables, it may not.

To see the routing table you should enter the command: netstat -rn

0
 

Author Comment

by:lacroix_al
ID: 16899238
yes I figured it out
it was the default gateway
I used the command add route default <ip address>
It fixed the problem
Thanks for all your help
Al
0
 

Author Comment

by:lacroix_al
ID: 16899249
I awarded the points because you both answered my questions.
It wasn't your fualt that I gave incorrect info.
Thanks
Al
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16899305
Glad we could provide some information and glad to see you got it working.  One thing,  I am not sure in SCO Unix how you define routes so that they stay across re-boots.  I don't think that add route will not stay across boot.

http://www.tek-tips.com/faqs.cfm?fid=1436

This may give you some ideas of where to look.
0
 

Author Comment

by:lacroix_al
ID: 16908999
ok
Thanks
Al
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question