?
Solved

Virtual telnet on a pix 515e

Posted on 2006-06-10
16
Medium Priority
?
539 Views
Last Modified: 2013-11-15
Hi,
I have a pix 515e with a vpn setup.
the vpn works just fine.
the problem is that when I connect to the vpn, I am not able to use CRT (telnet program).
I believe that this is do to not being able to auth through the pix.
I read about virtual telnet but not sure if this will work or how to set it up.
is this the right way to do this or is there a better way?
the box that I am connecting to is red hat.
Al
0
Comment
Question by:lacroix_al
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 3
16 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16880942
If the VPN works, then you should be able to telnet to the redhat box with no problem.
Check the default gateway on the Redhat system.
Virtual telnet won't do you any good from the VPN
If you want to post the PIX config, I might be able to see something that can be changed to help your situation.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16880962
Can you telnet to the RedHat box when local to the location of this server?  The most recent distributions of RedHat do not install telnet by default, they use SSH instead.

On the RedHat box do you have iptables setup as a firewall?  Does it allow the IP addresses in the VPN range to inbound?
0
 

Author Comment

by:lacroix_al
ID: 16881322
Irmoore
I will look at the defaulf gateway.
Why did you write that virtual telnet won't do me any good?
isn't virtual telnet used to auth the service?

giltjr
I can telnet to the red hat box from inside the network.
I didn't setup the red hat box.
where would I look for the iptable?
That would make sence being that the VPN addresses are dif.

Thanks
Al
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 79

Expert Comment

by:lrmoore
ID: 16881387
When you VPN in, you bypass all the access-lists, statics, etc that are required for virtual telnet sessions.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16881823
Are you the now current admin for the RedHat box?
0
 

Author Comment

by:lacroix_al
ID: 16882300
irmoore
so what you are saying is that once connected to the vpn, everything should work as if sitting at a PC on the lan but slower. yes?

giltjr
yes, I am the current red hat admin.
I have just taken over the network but I know little about red hat.

Al
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 1000 total points
ID: 16882311
Yes, exactly. You are just another node on the network, albeit with a different subnet IP address.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 1000 total points
ID: 16882384
Here is a How to for iptables:

http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html

But to start with logon as root (or su or do sudo) and enter:

     /sbin/iptables -L

The output should show you what filters you have setup, if any.
0
 

Author Comment

by:lacroix_al
ID: 16886088
irmoore
thanks

giltjr
I'll go try this

thanks
Al
0
 

Author Comment

by:lacroix_al
ID: 16898220
Ok
so I just got the username and password to get into the box.
it turns out that it is a SCO unix box.
does this change anything or everything?
AL
0
 

Author Comment

by:lacroix_al
ID: 16898586
Ok
I used ifconfig -a
output
net1 192.168.254.100 netmask ffffff00 broadcast 192.168.254.255

I don't see that the default gateway is set.
is there another command that will work?
Al
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16899208
Yes, SCO Unix makes a difference.  I am not really familure with SCO Unix, so I am not sure what type of IP filtering it uses.  It may have iptables, it may not.

To see the routing table you should enter the command: netstat -rn

0
 

Author Comment

by:lacroix_al
ID: 16899238
yes I figured it out
it was the default gateway
I used the command add route default <ip address>
It fixed the problem
Thanks for all your help
Al
0
 

Author Comment

by:lacroix_al
ID: 16899249
I awarded the points because you both answered my questions.
It wasn't your fualt that I gave incorrect info.
Thanks
Al
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16899305
Glad we could provide some information and glad to see you got it working.  One thing,  I am not sure in SCO Unix how you define routes so that they stay across re-boots.  I don't think that add route will not stay across boot.

http://www.tek-tips.com/faqs.cfm?fid=1436

This may give you some ideas of where to look.
0
 

Author Comment

by:lacroix_al
ID: 16908999
ok
Thanks
Al
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question