ASA 5510 and telnet

Hi,

We have a problem telnetting to the inside and outside interfaces. When we try, we receive this message. We have permit any any on both interfaces but we can't telnet.

Does somebody know what we have to do to solve it?

The ASA version is 8.2.5, model 5510.

thanks.

%ASA-4-402117: IPSEC: Received a non-IPsec (protocol) packet from remote_IP to local_IP.

Accepted Solutions

Hi Bro

You cannot telnet to an outside interface that has security-level 0. You can only ssh to an outside interface with security-level 0. In general, if an interface has a security level of 0 or lower than any other interface, then the PIX/ASA does not allow telnet to that interface.

However, if you’re still adamant that you’d like to telnet to the outside interface, then this can be achieved but the steps are too many, too much of a hassle. Well, in order to enable a Telnet session to the outside interface, configure IPsec on the outside interface to include IP traffic that is generated by the Cisco FW and enable Telnet on the outside interface.

It is not recommended to access the security appliance through a Telnet session. The authentication credential information, such as the password, is sent as clear text. The Telnet server and client communication happens only in clear text. Cisco recommends using SSH for more secure data communication.

For further details on this, please do refer to this URL http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml

domain-name cisco.com

ssh version 2

crypto key generate rsa modulus 768

ssh 202.188.5.0 255.255.255.0 outside

telnet 192.168.10.13 255.255.255.255 inside

P/S: If you do find this comment useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

12 Replies

Hi,

Add these lines:

telnet inside

telnet outside

Regards

V

Please attach your config.

Hi,

Thanks for your prompt answer.

But we have the same issue.

We wrote the command telnet 192.168.0.0 255.255.0.0 outside

Attached please find a picture.

If you need more config, please let us know.

Thanks.

I see in the picture another subnet in the telnet access: 10.161.0.0/16, not 192.168.0.0 255.255.0.0

Sorry, it is a mistake, the correct one is

telnet 10.161.0.0 255.255.0.0 outside

What is the IP address of RDP-FJD?

Second:

Do you have a user or group enabled for telnet?

Example:

aaa authentication telnet LOCAL

RDP-FJD is 10.161.1.71

We don't have a group. We tried to enter the statement that you told us, but it does not run...

Thanks

Well,

You cannot configure telnet on the outside interface or the lowest interface; use SSH.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#telnet

Note: You can enable Telnet to the security appliance on all interfaces. However, the security appliance enforces that all Telnet traffic to the outside interface be protected by IPsec. In order to enable a Telnet session to the outside interface, configure IPsec on the outside interface to include IP traffic that is generated by the security appliance and enable Telnet on the outside interface.

Note: In general, if any interface that has a security level of 0 or lower than any other interface, then PIX/ASA does not allow Telnet to that interface.

Regards

We try to do as you tell us.

Thanks!!!.

Regards.

Hi,

I tested this configuration and it works.

interface Ethernet0/1.82

vlan 82

nameif transito-asa-cpe

security-level 50

ip address 192.168.0.1 255.255.255.252

domain-name cisco.com

ssh version 2

crypto key generate rsa modulus 768

ssh Lan-FJD 255.255.0.0 outside

telnet 192.168.0.0 255.255.255.252 transito-asa-cpe

Thank you very much for your help.

Cheers.
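
The rule quoted in the thread (no Telnet to the lowest-security interface unless it is protected by IPsec) can be checked against a command list before it is applied. The following Python is an added example, not part of any post above and not Cisco code; the function name `audit_mgmt_access`, the `outside` and `inside` interface stanzas in the sample, and the 2048-bit RSA threshold are assumptions made for illustration.

```python
import re

MIN_RSA_BITS = 2048  # assumed local policy threshold, not a value from the thread

# Constructed sample: the telnet/ssh/crypto lines are taken from the posts above;
# the "outside" and "inside" interface stanzas are assumed for illustration.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1.82
 nameif transito-asa-cpe
 security-level 50
interface Ethernet0/2
 nameif inside
 security-level 100
crypto key generate rsa modulus 768
ssh 202.188.5.0 255.255.255.0 outside
telnet 10.161.0.0 255.255.0.0 outside
telnet 192.168.0.0 255.255.255.252 transito-asa-cpe
"""


def audit_mgmt_access(config):
    """Return (finding, detail) tuples for telnet and RSA key lines."""
    lines = [ln.strip() for ln in config.splitlines()]
    levels, current = {}, None
    for ln in lines:  # pass 1: map each nameif to its security-level
        if ln.startswith("interface "):
            current = None
        elif m := re.fullmatch(r"nameif (\S+)", ln):
            current = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", ln)) and current:
            levels[current] = int(m.group(1))
    lowest = min(levels.values(), default=None)
    findings = []
    for ln in lines:  # pass 2: evaluate management-access statements
        if m := re.fullmatch(r"telnet (\S+) (\S+) (\S+)", ln):
            ifname = m.group(3)
            if ifname in levels and levels[ifname] == lowest:
                # Rule quoted in the thread: no Telnet to the lowest-security
                # interface unless the session is protected by IPsec.
                findings.append(("telnet-lowest-security", ifname))
            else:
                findings.append(("telnet-cleartext", ifname))
        elif m := re.fullmatch(r"crypto key generate rsa modulus (\d+)", ln):
            if int(m.group(1)) < MIN_RSA_BITS:
                findings.append(("weak-rsa-modulus", m.group(1)))
    return findings
```

On the sample, `audit_mgmt_access(SAMPLE_CONFIG)` reports the 768-bit key, the Telnet statement on `outside`, and the cleartext Telnet statement on `transito-asa-cpe`; the `ssh` line produces no finding.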
