telnet to outside interface of pix

Unanswered Question
Jul 28th, 2008
User Badges:

We have a pix firewalling a small lab in our company with the outside interface connected to one of our local lan's.


Other than setting telnet 192.168.x.x 255.255.0.0 outside , is there anything else that is required?


---Mike


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
jonesm111 Wed, 07/30/2008 - 10:45
User Badges:

I have setup a username, password, the ssh key

and all that looks good but when I then try to ssh I get invalid username password, even though I have re-entered the userame and password several times.


The version is 6.3

mohammed_moustafa Tue, 07/29/2008 - 04:37
User Badges:

Hi,


Like Mike says you can't cisco firewalls via telnetting to the outside interface.


but there is a work around if you need it, you can raise the security level of the interface to 100 hence you can telnet to it.


Please keep me updated with your case.


B.regards,

M.Moustafa.

jonesm111 Tue, 07/29/2008 - 08:55
User Badges:

I remember trying this once before. If memory serves me correctly, I also had to change the inside level to 10 and the FW reconfigured a few things that caused some other problems.

JORGE RODRIGUEZ Tue, 07/29/2008 - 10:02
User Badges:
  • Green, 3000 points or more

Personally I would not recommend outside interface reconfig as sec level of 100 for accomplishing simple telnet access via outside interface, unless you have the firewall in a LAB and want to experiment with firewall then is fine. Changes to sec level on an already configured firewall with rules will impact ACLs and firewall behaviour when sec levels are changed specially rules bound to outside interface.


The easiest way to access outside interface is through ssh as Sundar provided link shows, it is very easy to do, you will not run into problems as it would by changing sec levels back and forth.



Rgds

Jorge


Actions

This Discussion