01-18-2006 12:10 PM - edited 02-21-2020 12:39 AM
Hi,
Please can someone help me. I'm really new to this so it might sound trivial to you all.
We have just purchased a PIX 501 firewall and I'm trying to access the CLI. I type telnet 192.168.1.1 (internal IP of 501) and it denies me access. Am I doing this wrong? Please can someone advise.
Also:
I want to stop the firewall responding to pings on the outside interface. I have read documentation which stated to add the following line to the config file:
icmp deny any outside
However, I have since read that you should allow "unreachable message 3", otherwise ipsec stops working. Please can someone tell me how to do this?
Also, how do I find out what the IP address is on the external interface?
Forgive my basic questions. I work in a small office and have never had to do anything like this before!
01-18-2006 04:52 PM
By default telnet is not permitted. To configure, you need to console into the pix and do "telnet
Not too sure why ipsec would stop working without pinging. Perhaps you may post the article.
In order to find out the ip, do "sh ip" on the pix.
01-19-2006 06:04 AM
Connect using a console cable and HyperTerminal from your desktop/laptop.
You will need to enable telnet from the inside network.
config t
telnet 192.168.1.0 255.255.255.0 inside
This allows any host on the 192.168.1.0/24 network to access the firewall via telnet.
To allow icmp unreachables use an access list:
access-list 101 permit icmp any any unreachable
access-group 101 in interface outside
To find the outside ip address do a "sh int".
By default the pix501 will be setup to use dhcp on the outside interface.
Here is a link to the command reference.
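An added example, not written by any poster in this thread: a small Python model of how the PIX `icmp` command list is evaluated for traffic addressed to an interface, to show why `icmp deny any outside` on its own also drops type 3 (unreachable). It assumes PIX 6.x behaviour (first match wins, implicit deny once any `icmp` rule exists, everything answered when none exist); the `icmp permit any unreachable outside` line and both sample configs are constructed for illustration.

```python
import ipaddress

# Standard ICMP type numbers for the names used in this example.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

# Constructed sample configs: the line from the question, and a variant that
# permits unreachables ahead of the blanket deny.
ASKED = "icmp deny any outside"
ADJUSTED = "icmp permit any unreachable outside\nicmp deny any outside"

def parse_icmp_rules(config, ifname):
    """Return the ordered `icmp` rules that apply to one interface."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue
        if tok[-1] != ifname:
            continue
        mid = tok[2:-1]  # source spec, then an optional ICMP type
        if mid[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), mid[1:]
        elif mid[0] == "host":
            net, rest = ipaddress.ip_network(mid[1] + "/32"), mid[2:]
        else:  # "ip_address net_mask" form
            net, rest = ipaddress.ip_network(f"{mid[0]}/{mid[1]}", strict=False), mid[2:]
        itype = None  # None means the rule covers every ICMP type
        if rest:
            itype = ICMP_TYPES[rest[0]] if rest[0] in ICMP_TYPES else int(rest[0])
        rules.append((tok[1], net, itype))
    return rules

def icmp_allowed(rules, src, itype):
    """First matching rule wins; a non-empty list ends in an implicit deny."""
    if not rules:
        return True  # assumption: with no icmp rules the interface answers ICMP
    addr = ipaddress.ip_address(src)
    for action, net, rtype in rules:
        if addr in net and rtype in (None, itype):
            return action == "permit"
    return False

if __name__ == "__main__":
    for name, cfg in (("asked", ASKED), ("adjusted", ADJUSTED)):
        rules = parse_icmp_rules(cfg, "outside")
        for label in ("echo", "unreachable"):
            verdict = icmp_allowed(rules, "203.0.113.5", ICMP_TYPES[label])
            print(f"{name:9} {label:12} {'permit' if verdict else 'deny'}")
```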
01-19-2006 09:44 AM
hi thank you both very much for your help. I will give it a go.