
telnet to outside interface of pix

jonesm111

We have a PIX firewalling a small lab in our company with the outside interface connected to one of our local LANs.

Other than setting telnet 192.168.x.x 255.255.0.0 outside, is there anything else that is required?

---Mike


Mike

PIX/ASA does not support telnet on outside interface. You can access it via SSH from the outside.

Have a look at this link for SSH setup.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#configs

HTH

Sundar

I have set up a username, password, and the SSH key, and all that looks good, but when I then try to SSH I get invalid username/password, even though I have re-entered the username and password several times.

The version is 6.3

Got it figured out, thanks all.

After clearing out the old aaa commands (WHAT A PAIN!), then issuing:

aaa authentication ssh console LOCAL

It then authenticated to the local database.

This article led me to it:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800949d6.shtml

--Mike

Hi,

Like Mike says, you can't access Cisco firewalls by telnetting to the outside interface.

But there is a workaround if you need it: you can raise the security level of the interface to 100, and then you can telnet to it.

Please keep me updated with your case.

B.regards,

M.Moustafa.

I remember trying this once before. If memory serves me correctly, I also had to change the inside level to 10 and the FW reconfigured a few things that caused some other problems.

Personally I would not recommend reconfiguring the outside interface with a security level of 100 just to get simple telnet access via the outside interface, unless you have the firewall in a lab and want to experiment with it, in which case it is fine. Changing security levels on an already configured firewall with rules will impact ACLs and firewall behaviour, especially rules bound to the outside interface.

The easiest way to access the outside interface is through SSH, as the link Sundar provided shows. It is very easy to do, and you will not run into the problems you would by changing security levels back and forth.

Rgds

Jorge

Jorge Rodriguez
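
An added example, not part of any post in this thread: a small Python check over a PIX 6.3-style configuration for the three points raised above (telnet permitted on the outside interface, the outside interface raised to security level 100, and SSH enabled with local users but without `aaa authentication ssh console LOCAL`). The function name, finding codes and both sample fragments are constructed for illustration.

```python
import re

# Constructed PIX 6.3-style fragments (addresses, names and hashes are made up).
BEFORE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
telnet 192.168.0.0 255.255.0.0 outside
telnet timeout 5
ssh 192.168.0.0 255.255.0.0 outside
ssh timeout 5
username labadmin password EXAMPLEHASH encrypted privilege 15
"""
AFTER = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ssh 192.168.0.0 255.255.0.0 outside
ssh timeout 5
username labadmin password EXAMPLEHASH encrypted privilege 15
aaa authentication ssh console LOCAL
"""

def audit(config):
    """Return finding codes for the management-access issues raised in the thread."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    def has(pattern):
        return any(re.match(pattern, ln) for ln in lines)

    findings = []
    # telnet permitted from the outside interface: the PIX will not accept it
    if has(r"telnet\s+\S+\s+\S+\s+outside$"):
        findings.append("TELNET_OUTSIDE")
    # outside raised to security100 as a telnet workaround
    if has(r"nameif\s+\S+\s+outside\s+security100$"):
        findings.append("OUTSIDE_SECURITY100")
    # SSH allowed and local users exist, but SSH logins are not tied to LOCAL
    ssh_allowed = has(r"ssh\s+\S+\s+\S+\s+\S+$")  # "ssh timeout 5" does not match
    local_users = has(r"username\s+\S+\s+password\s")
    ssh_local = has(r"aaa authentication ssh console LOCAL$")
    if ssh_allowed and local_users and not ssh_local:
        findings.append("SSH_NOT_USING_LOCAL_USERS")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "no findings")
```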