Firewall access

Mar 16th, 2009

Hi.

We have set up two ASA firewalls in our data centre. We need to be able to telnet to the firewall from our other sites. I have added the command "telnet 0.0.0.0 0.0.0.0 R01Connect". R01 is the connection to the router that is connected to the IPWAN. I still can't access the firewall though. The only way is to log in to the switch which is connected to the firewall and then telnet to the ASA. Any ideas?


Thank you

bmcginn Mon, 03/16/2009 - 20:39

Hi Harry,


I don't think an ASA or a PIX will allow a telnet session to itself coming to a high security interface.


Have you tried ssh?


You will need to create a user and password, tell the device to use its own local database for authentication, generate a key pair and allow access using the ssh command. I think you may need to ensure the ACL allows it too, but I am not 100% about that.


Brad
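
The SSH setup steps listed in the reply above, written out as ASA configuration. This is an added example, not part of the original thread: the username, the password placeholder and the 192.0.2.0/24 management subnet are assumptions, and R01Connect is the interface name from the question.

```cisco
! Constructed example values: netadmin, <STRONG-PASSWORD>, 192.0.2.0/24.
! R01Connect is the interface name given in the question.

! 1. Create a local user and password
username netadmin password <STRONG-PASSWORD> privilege 15

! 2. Authenticate SSH logins against the ASA's own local database
aaa authentication ssh console LOCAL

! 3. Generate the RSA key pair the SSH server needs
crypto key generate rsa modulus 2048

! 4. Allow SSH to the ASA itself, limited to the remote sites'
!    management subnet and the interface the sessions arrive on
ssh 192.0.2.0 255.255.255.0 R01Connect
ssh timeout 10

! 5. Save, then confirm what is configured and who is connected
write memory
show running-config ssh
show crypto key mypubkey rsa
show ssh sessions
```

Naming only the subnets that actually need management access, instead of 0.0.0.0 0.0.0.0 as in the telnet command from the question, keeps the management plane closed to every other source reachable through that interface.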

Bab L Mon, 03/16/2009 - 20:57

Hi and thanks for the reply.


The ASA is set up with same-security interface access command so all interfaces have the same security level.

Also, I did set up SSH as well but that doesn't work from other sites either.


Thank you

bmcginn Tue, 03/17/2009 - 00:20

Hello again,


Is the interface IP address reachable from the devices you are coming from?


Are you seeing any drops on the interface?


You can run a capture on the interface to see if the packets are arriving and leaving.


Brad

solpandor Tue, 03/17/2009 - 05:29

Hi,

Please post the config. ASAs are accessible via SSH.


Have you entered the range or host IP you are coming from in the config?


It's difficult to advise without looking at the config.


Thanks
