Firewall access

Bab L · ‎03-16-2009

Hi.

We have setup two ASA's firewalls on our data centre. We need to have access to telnet the firewall from our other sites. I have added the command "telnet 0.0.0.0 0.0.0.0 R01Connect". R01 is the connection to the router that is connected to the IPWAN. I still can't access the firewall though. The only way is to log in to the switch which is connected to the firewall and then telnet to the ASA. Any ideas?

Thank you

bmcginn · ‎03-16-2009

Hi Harry,

I don't think an ASA or a pix will allow a telnet session to itself coming to a high security interface.

Have you tried ssh?

You will need to create a user and password, tell the device to use its own local database for authentication, generate a key pair and allow access using the ssh command. I think you may need to ensure the acl allows it too.. but I am not 100% about that.

Brad

Bab L · ‎03-16-2009

Hi and thanks for the reply.

The ASA is setup up with same-security interface access command so all interfaces have the same security level.

Also, I did setup SSH as well but that doesn't work from other sites as well.

Thank you

bmcginn · ‎03-17-2009

Hello again,

Is the interface IP address reachable from the devices you are coming from?

Are you seeing any drops on the interface?

you can run a capture on the interface to see if the packets are arriving and leaving.

Brad

SOL10 · ‎03-17-2009

hi,

pleaese post the config. ASA's are accessible via SSH.

have you entered the range or host ip you are coming from in the config?

its difficult to advise without looking at the config

thanks

Bab L · ‎03-17-2009

Hi.

Please find config attached.

Thank you