Re: Dynamic acls and Telnet

From: Tim Fletcher (tim@fletchmail.net)
Date: Tue Oct 15 2002 - 15:45:24 GMT-3

• Next message: Tim Devries: "RE: My Turn #10471 in Brussels"
• Previous message: Ashok.Gupta: "RE: Dialer watch"
• Maybe in reply to: Alberto Garcia: "Dynamic acls and Telnet"
• Next in thread: Hansang Bae: "Re: Dynamic acls and Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That message is normal, and means the access list is already activated. If
you wait for the timeout and try it again you shouldn't get this.

BTW, the dynamic timeout (the one on the autocommand) has been broken
since 12.0.1, and produces unpredicatble results. I saw a bug that
indicated it had been fixed, but my testing indicated otherwise.

-tim

On Tue, 15 Oct 2002, Alberto Garcia wrote:

> Hy group!
>
> Does anybody know, why when you use dynamic acl you can't do a
> telnet to the equipment? And if does it exist anyway to correct this?
>
> I have the next configuration:
>
> interface ethernet 0/0
> ip access-group 130 in
> !
> access-list 130 dynamic firewall timeout 2 permit tcp host
> 192.138.1.1 host 192.138.3.3 eq telnet
> access-list 130 deny tcp any host 192.138.3.3 eq telnet
> access-list 130 permit ip any any
> !
> line vty 0 4
> password cisco
> login
> autocommand access-enable host timeout 1
>
> And whe you try to telnet though any interface you always receive
> the next message after the authentication:
>
> Password:
> List#130-firewall already contains this IP address pair
> [Connection to 192.138.2.2 closed by foreign host]
>
> Thank you very much!!!
>
>
> Alberto Garcma Casas
> Customer Service
> ----------------------------------------------------------------------------
> ----------
> Telindus
> Plaza Ciudad de Viena, 6 2*Planta
> Torre Metropolitana
> E-28040 Madrid
> ----------------------------------------------------------------------------
> ----------
> <mailto:alga@telindus.es>
> tel: +34 91 456 00 08
> fax: +34 91 536 10 74
> direct line: +34 91 203 28 42
> mobile: +34 680 40 18 76
> ----------------------------------------------------------------------------
> ----------
> For more information about our products and services,
> please visit our website: <http://www.telindus.es>
> ----------------------------------------------------------------------------
> ----------
> Secure connectivity & mobility
>
>
>
> >>>
> 29th Telindus International Symposium
> Thursday, October 24, 2002
> Brussel Expo, Brussels, Belgium
>
> Meet over 2.000 business & ICT professionals for an in-depth networking
> update at Telindus' 29th International Symposium.
>
> Check out the programme, partners, workshops and register now for free:
> http://www.telindussymposium.com
> <<<

• Next message: Tim Devries: "RE: My Turn #10471 in Brussels"
• Previous message: Ashok.Gupta: "RE: Dialer watch"
• Maybe in reply to: Alberto Garcia: "Dynamic acls and Telnet"
• Next in thread: Hansang Bae: "Re: Dynamic acls and Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:47 GMT-3