Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX 501 Telnet through WAN

How to enable Telnet on PIX501 from the WAN port ? PIX501 is connected to static IP and telnet is required to remote user for remote configuration, PIX allows telnet from the inside ports but not from the WAN/outside port.

4 REPLIES
Gold

Re: PIX 501 Telnet through WAN

its not possible to use telnet on outside interface of pix

Only one way is use SSH

check following link how to set up SSH on pix

http://www.ciscopress.com/articles/article.asp?p=25342&seqNum=3&rl=1

M.

hope that helps rate if it does

Cisco Employee

Re: PIX 501 Telnet through WAN

Arun,

You cannot telnet to the outside interface of the pix.

Couple of options:

1. Telnet to an internal host from outside and then telnet to the inside interface of the pix from that host.

2. You can do SSH to the outside interface of the pix

3. Telnet to the outside interface but the traffic has to be part of an IPSEC Traffic.

In your case, I think SSH would be good fit since it is simple to configure and provides encryption.

In order to have ssh access you need to have atleast VPN-DES enabled on your pix, please

go ahead and do a ?sh version? and make sure you at least VPN-DES enabled

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

If by chance you don?t have at least VPN-DES enabled, please send the complete capture of

your sh version and send it to licensing@cisco.com, and request to have it enabled.

CONFIGURATION:

Set a domain name, for exmaple

domain-name cisco.com

Configure a telnet password, which I assume you already do

Pix(config)#passwd xxxx

You need to generate a ssh key, to generate the key you need to type the following

lines:

pix(config)#ca generate rsa key 1024

pix(config)#ssh 10.10.200.0 255.255.255.0 outside

pix(config)#ca save all

I use Putty Client for SSH and works fine. You can go to google and do a search for the software.

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **

Community Member

Re: PIX 501 Telnet through WAN

Thank you both for the help. Its very much appreciated. I have setup the SSH and key and the passwords. Now I have a problem logging in using Putty. I try to connect and it asks me for a login and password. I tried using nothing and I tried using cisco as the login, but neither work. I know the passwords are correct though. Do I need to create a login then?

Cisco Employee

Re: PIX 501 Telnet through WAN

user "pix" without quotes for userID and the password. It should work.

You may create additional userIDs

conf t

username cisco password cisco123 priv 15

-KS

954
Views
10
Helpful
4
Replies
CreatePlease to create content