07-28-2008 01:08 PM - edited 03-11-2019 06:21 AM
We have a PIX firewalling a small lab in our company with the outside interface connected to one of our local LANs.
Other than setting telnet 192.168.x.x 255.255.0.0 outside, is there anything else that is required?
---Mike
07-28-2008 02:51 PM
Mike
PIX/ASA does not support telnet on outside interface. You can access it via SSH from the outside.
Have a look at this link for SSH setup.
HTH
Sundar
07-30-2008 10:45 AM
I have set up a username, password, the ssh key and all that looks good, but when I then try to ssh I get invalid username password, even though I have re-entered the username and password several times.
The version is 6.3
07-30-2008 12:32 PM
Got it figured out, thanks all.
After clearing out the old aaa commands (WHAT A PAIN!), then issuing:
aaa authentication ssh console LOCAL
It then authenticated to the local database.
This article led me to it:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800949d6.shtml
--Mike
07-29-2008 04:37 AM
Hi,
Like Mike says, you can't access Cisco firewalls via telnetting to the outside interface.
But there is a workaround if you need it: you can raise the security level of the interface to 100, hence you can telnet to it.
Please keep me updated with your case.
B.regards,
M.Moustafa.
07-29-2008 08:55 AM
I remember trying this once before. If memory serves me correctly, I also had to change the inside level to 10 and the FW reconfigured a few things that caused some other problems.
07-29-2008 10:02 AM
Personally I would not recommend reconfiguring the outside interface to a sec level of 100 to accomplish simple telnet access via the outside interface, unless you have the firewall in a lab and want to experiment with the firewall, in which case it is fine. Changes to sec levels on an already configured firewall with rules will impact ACLs and firewall behaviour when sec levels are changed, especially rules bound to the outside interface.
The easiest way to access the outside interface is through ssh, as the link Sundar provided shows. It is very easy to do, and you will not run into problems as you would by changing sec levels back and forth.
Rgds
Jorge
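Added example, not part of the thread and not Cisco tooling: a small Python check that reads a PIX 6.3-style configuration and flags the three conditions discussed above (telnet permitted on the outside interface, SSH permitted with local usernames but without aaa authentication ssh console LOCAL, and the outside interface raised to security level 100). The sample configuration, the function name audit_mgmt_access and the finding codes are constructed for illustration.

```python
import re

# Constructed PIX 6.3-style config for illustration (not taken from the thread).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
username labadmin password CONSTRUCTEDHASH encrypted privilege 15
telnet 192.168.0.0 255.255.0.0 outside
telnet 10.1.1.0 255.255.255.0 inside
ssh 192.168.0.0 255.255.0.0 outside
ssh timeout 5
"""

ACCESS_RE = re.compile(r"^(telnet|ssh)\s+\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+\s+(\S+)$")
NAMEIF_RE = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)$")


def audit_mgmt_access(config, outside="outside"):
    """Return a list of (code, detail) findings for management access on `outside`."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    ssh_permitted = False
    for ln in lines:
        m = NAMEIF_RE.match(ln)
        if m and m.group(1) == outside and int(m.group(2)) == 100:
            # The workaround the thread advises against outside a lab.
            findings.append(("OUTSIDE_SEC100", ln))
        m = ACCESS_RE.match(ln)
        if not m:
            continue
        proto, iface = m.groups()
        if proto == "telnet" and iface == outside:
            # Telnet to the outside interface is not supported; SSH is the fix.
            findings.append(("TELNET_OUTSIDE", ln))
        if proto == "ssh":
            ssh_permitted = True
    # Assumption: local usernames are the intended credential store, as in the thread.
    has_local_aaa = "aaa authentication ssh console LOCAL" in lines
    has_users = any(ln.startswith("username ") for ln in lines)
    if ssh_permitted and has_users and not has_local_aaa:
        findings.append(("SSH_NO_LOCAL_AAA", "aaa authentication ssh console LOCAL"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```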