Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
10
Helpful
4
Replies

PIX 501 Telnet through WAN

arun
Level 1
Level 1

‎12-12-2006 06:54 AM - edited ‎03-11-2019 02:07 AM

How to enable Telnet on PIX501 from the WAN port ? PIX501 is connected to static IP and telnet is required to remote user for remote configuration, PIX allows telnet from the inside ports but not from the WAN/outside port.

Labels:
0 Helpful
4 Replies 4

m.sir
Level 7
Level 7

‎12-12-2006 06:58 AM

its not possible to use telnet on outside interface of pix

Only one way is use SSH

check following link how to set up SSH on pix

http://www.ciscopress.com/articles/article.asp?p=25342&seqNum=3&rl=1

M.

hope that helps rate if it does

ajagadee
Cisco Employee
Cisco Employee

‎12-13-2006 09:45 PM

Arun,

You cannot telnet to the outside interface of the pix.

Couple of options:

1. Telnet to an internal host from outside and then telnet to the inside interface of the pix from that host.

2. You can do SSH to the outside interface of the pix

3. Telnet to the outside interface but the traffic has to be part of an IPSEC Traffic.

In your case, I think SSH would be good fit since it is simple to configure and provides encryption.

In order to have ssh access you need to have atleast VPN-DES enabled on your pix, please

go ahead and do a ?sh version? and make sure you at least VPN-DES enabled

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

If by chance you don?t have at least VPN-DES enabled, please send the complete capture of

your sh version and send it to licensing@cisco.com, and request to have it enabled.

CONFIGURATION:

Set a domain name, for exmaple

domain-name cisco.com

Configure a telnet password, which I assume you already do

Pix(config)#passwd xxxx

You need to generate a ssh key, to generate the key you need to type the following

lines:

pix(config)#ca generate rsa key 1024

pix(config)#ssh 10.10.200.0 255.255.255.0 outside

pix(config)#ca save all

I use Putty Client for SSH and works fine. You can go to google and do a search for the software.

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **

Rravelidc27
Level 1
Level 1

‎11-26-2010 10:39 AM

Thank you both for the help. Its very much appreciated. I have setup the SSH and key and the passwords. Now I have a problem logging in using Putty. I try to connect and it asks me for a login and password. I tried using nothing and I tried using cisco as the login, but neither work. I know the passwords are correct though. Do I need to create a login then?

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to Rravelidc27

‎11-26-2010 11:39 AM

user "pix" without quotes for userID and the password. It should work.

You may create additional userIDs

conf t

username cisco password cisco123 priv 15

-KS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card