Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

telnet to outside interface of pix

We have a pix firewalling a small lab in our company with the outside interface connected to one of our local lan's.

Other than setting telnet 192.168.x.x outside , is there anything else that is required?



Re: telnet to outside interface of pix


PIX/ASA does not support telnet on outside interface. You can access it via SSH from the outside.

Have a look at this link for SSH setup.



Community Member

Re: telnet to outside interface of pix

I have setup a username, password, the ssh key

and all that looks good but when I then try to ssh I get invalid username password, even though I have re-entered the userame and password several times.

The version is 6.3

Community Member

Re: telnet to outside interface of pix

Got it figured out, thanks all..

After clearing out the old aaa commands (WHAT A PAIN!), then issueing:

aaa authentication ssh console LOCAL

It then authenticated to the local database.

This article lead me to it:


Community Member

Re: telnet to outside interface of pix


Like Mike says you can't cisco firewalls via telnetting to the outside interface.

but there is a work around if you need it, you can raise the security level of the interface to 100 hence you can telnet to it.

Please keep me updated with your case.



Community Member

Re: telnet to outside interface of pix

I remember trying this once before. If memory serves me correctly, I also had to change the inside level to 10 and the FW reconfigured a few things that caused some other problems.

Re: telnet to outside interface of pix

Personally I would not recommend outside interface reconfig as sec level of 100 for accomplishing simple telnet access via outside interface, unless you have the firewall in a LAB and want to experiment with firewall then is fine. Changes to sec level on an already configured firewall with rules will impact ACLs and firewall behaviour when sec levels are changed specially rules bound to outside interface.

The easiest way to access outside interface is through ssh as Sundar provided link shows, it is very easy to do, you will not run into problems as it would by changing sec levels back and forth.



CreatePlease to create content