Cisco Support Community

New Member

need to telnet to outside int of ASA and PIX

I have a site-to-site connection set up between an ASA 5510 and a PIX 501. I have the ASA's inside 10.1.1.x network being able to access the PIX's 10.2.2.x network. That is working fine. However, I need to be able to access both the ASA and PIX's outside interfaces with telnet. I know the ASA requires a VPN, not sure about the PIX. How do I set up the VPN config to telnet to the outside address? Obviously the outside address is not part of the existing VPN config allowing the inside networks to talk, so I'm unsure of how to do that. Say my outside address on the ASA was 2.2.2.2 and the PIX was 4.4.4.4. How would I set that piece up?

6 REPLIES
New Member

Re: need to telnet to outside int of ASA and PIX

On both you need to define a source IP that will be coming in to manage the device. I don't necessarily recommend telnet; you should really use SSH. That being said,

on the PIX (example):

telnet 0.0.0.0 0.0.0.0 outside

This allows all devices to telnet into the outside interface.

On the ASA, same thing:

telnet 0.0.0.0 0.0.0.0 outside

Definitely want to narrow it down though.

If your SIP was 1.2.3.4, for example:

telnet 1.2.3.4 255.255.255.255 outside

New Member

Re: need to telnet to outside int of ASA and PIX

Doesn't the telnet session on the ASA need to be via VPN? Wouldn't there be additional commands I would need?

Green

Re: need to telnet to outside int of ASA and PIX

You cannot telnet to the outside interface of a PIX or ASA. If you want to do it through a VPN you need to add "management-access inside" and telnet to the inside interface.

Gold

Re: need to telnet to outside int of ASA and PIX

You can telnet to the outside of a PIX/ASA as long as it's over a VPN, and management-access outside is configured.

New Member

Re: need to telnet to outside int of ASA and PIX

Actually you can.

The telnet command lets you specify which hosts can access the security appliance console with Telnet. You can enable Telnet to the security appliance on all interfaces. But, the security appliance enforces that all Telnet traffic to the outside interface be protected by IPsec. In order to enable a Telnet session to the outside interface, configure IPsec on the outside interface to include IP traffic that is generated by the security appliance and enable Telnet on the outside interface.

However, you are correct that to telnet through the VPN you need to do what you are describing. I was under the impression that the telnet was outside of the VPN.

Still should use SSH though.

New Member

Re: need to telnet to outside int of ASA and PIX

Due to the security reason you aren't able to access the firewall's outside interface by using telnet. You can use SSH for the outside access.
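
As an added example (not part of any post in this thread, and not Cisco code): a small Python audit that scans configuration text for the telnet/ssh permit lines discussed above and flags any-source entries and telnet on the outside interface. The sample configuration, the function name audit_mgmt_access, the severity labels and the 256-address threshold are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration lines (not taken from a real device).
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 outside
telnet 1.2.3.4 255.255.255.255 outside
telnet 10.1.1.0 255.255.255.0 inside
ssh 1.2.3.4 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
management-access inside
"""

# Matches "<telnet|ssh> <address> <netmask> <interface>" permit lines only.
RULE = re.compile(
    r"^(telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def audit_mgmt_access(config, untrusted=("outside",), max_hosts=256):
    """Return (line_no, severity, message) findings for telnet/ssh permit lines.

    untrusted and max_hosts are illustrative policy knobs, not ASA settings.
    """
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue  # skips unrelated lines such as "telnet timeout 5"
        proto, addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((no, "error", f"unparseable address/mask: {line}"))
            continue
        if proto == "telnet" and iface in untrusted:
            findings.append((no, "medium",
                             f"telnet on {iface} from {net}: cleartext, prefer ssh"))
        if net.prefixlen == 0:
            findings.append((no, "high", f"{proto} on {iface} open to any source"))
        elif iface in untrusted and net.num_addresses > max_hosts:
            findings.append((no, "medium", f"{proto} on {iface} allows broad range {net}"))
    return findings


if __name__ == "__main__":
    for no, sev, msg in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"line {no}: [{sev}] {msg}")
```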
