04-11-2008 03:30 AM - edited 02-21-2020 01:58 AM
Hello,
I configured a Pix firewalll for telnet using the command "telnet ip netmask interface_name" but for some reason it does not wokr.
i checked the configuration on the firewall and the other device accessing the pix with telnet do not have additional configuration.
From wireshark capture I can see the pix replies my telnet atempts with a tcp rst packet.
Do you know what could be wrong in the configuration?
Regards.
04-11-2008 04:09 AM
Hi!
You did not specified the interface name.
AFAIK pix does not allow "clear" telnet on its outside interface. On inside this should work.
With best regards.
04-11-2008 05:15 AM
Hi,
I configured telnet on the inside interface.
It is no possible to configure telnet without specifying an interface.
Regards.
04-11-2008 05:20 AM
Are you telnetting from the outside? Then you need to give permissions in access-lists.
04-11-2008 07:09 AM
Hello,
I telnet from the inside interface.
This is really strange, I thought a first that it would be a fw issue but since I get a tcp reset packet from the firewall, it's no an access list issue.
I'm a bit lost.
Regards.
04-13-2008 06:54 PM
Instead of troubleshooting the telnet problem, configure SSH instead. You shouldn't be using telnet due to the security risks of device management over a cleartext protocol.
Command is:
SSH
I use putty for my ssh client, but there are plenty others out there.
04-14-2008 04:45 AM
Thats make things more easy. Because you can debug SSH connections. where as telnet doesnt have such an option.
But still we didnt resolve the telnet issue. If possible try to do the configuration from the scrach. The reason I suggest this is I had a connectivity issue with a PIX 515 and no matter what I did, no packets were going through the PIX to outside.This happen all of a sudden. So I did a fresh configuration and It worked (Though this is not a good solution ;-)
04-14-2008 05:03 AM
Hello,
It works with SSH but does not with telnet.
Regardless of the security issue that comes with Telnet, it's still quite frustrating not to understand the reason why it does not work.
The configuration is the exact same conf as the one I use for another station, which works ok.
Although it didn't fix the issue, thank you all for your answers.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: