Cisco Support Community
Community Member

help required in configuring telnet

Hi,

We have two PIX 515E firewalls working in HA mode.

I wanted to configure telnet access to firewalls from outside interface.

PIX version is 6.3(5)

I kept PC outside to outside interfaces.

PIX outside IP is 10.10.200.3, inside IP is 10.10.202.5; the corresponding virtual IPs are 10.10.200.2 and 10.10.202.7.

I have tried following configurations:

pix(config)#telnet 0 0 inside

pix(config)#telnet 0 0 outside

pix(config)#telnet 10.10.200.0 255.255.255.0 outside

pix(config)#telnet 10.10.202.0 255.255.255.0 inside

pix(config)#telnet 10.10.200.200 255.255.255.255 outside

I am able to telnet from internal interface side using inside ip address.

But from outside test pc with IP 10.10.200.200 I am not able to telnet to PIX.

I enabled logging console 5.

When I tried to telnet to the outside virtual IP, it is not showing any traffic to the firewall.

If I try to outside interface I am able to see the traffic like

packets received from source 10.10.200.200 to 10.10.200.3

Any help in this configuration? I wanted to telnet to the firewall from the test PC.

Regards

SKRAO

1 ACCEPTED SOLUTION

Bronze

Re: help required in configuring telnet

Hi Skrao,

PIX does not have the feature of allowing telnet from outside simply because it is insecure... the only way to have telnet from outside is by having an IPSec tunnel.

Alternatively, you can access the CLI from outside by SSH but you need to have something like the following commands:

FireWall# config t

FireWall(config)# ca zeroize rsa

FireWall(config)# ca generate rsa key 1024

FireWall(config)# ssh the_ssh_IP 255.255.255.255 outside

FireWall(config)# ca save all

You will use an SSH client like SecureCRT or PuTTY...

Don't forget to rate my post!

All the best

Osama
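
An added example, not part of the original thread: a small Python audit of the `telnet`/`ssh` management-access rules discussed above. It flags telnet rules bound to the outside interface (which, per the answer, PIX will not serve without IPSec), any-source rules, and outside SSH rules that are not scoped to a single host. The function names, finding labels and the sample config are assumptions constructed from the addresses in the question.

```python
import ipaddress
import re

# "telnet|ssh <addr> <mask> <interface>", optionally preceded by a CLI prompt.
RULE = re.compile(r"^(?:\S+#\s*)?(telnet|ssh)\s+(\S+)\s+(\S+)\s+(\S+)$")

def source_net(addr, mask):
    """Return the permitted source network; the question's rules write 0 for 0.0.0.0."""
    addr = "0.0.0.0" if addr == "0" else addr
    mask = "0.0.0.0" if mask == "0" else mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, untrusted=("outside",)):
    """Return (line_no, finding, rule) tuples for risky management-access rules."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        m = RULE.match(raw.strip())
        if not m:
            continue  # not a telnet/ssh access rule (e.g. timeout settings)
        proto, addr, mask, ifc = m.groups()
        rule = f"{proto} {addr} {mask} {ifc}"
        try:
            net = source_net(addr, mask)
        except ValueError:
            findings.append((no, "unparsed-address", rule))
            continue
        if proto == "telnet" and ifc in untrusted:
            # Per the accepted answer: not served from outside except over IPSec.
            findings.append((no, "telnet-untrusted", rule))
        if net.prefixlen == 0:
            findings.append((no, "any-source", rule))
        elif proto == "ssh" and ifc in untrusted and net.prefixlen < 32:
            # The answer scopes SSH to one host with mask 255.255.255.255.
            findings.append((no, "ssh-not-host-scoped", rule))
    return findings

# Constructed sample: the question's telnet rules plus two hypothetical ssh rules.
SAMPLE = """\
pix(config)#telnet 0 0 inside
pix(config)#telnet 0 0 outside
pix(config)#telnet 10.10.200.0 255.255.255.0 outside
pix(config)#telnet 10.10.202.0 255.255.255.0 inside
pix(config)#telnet 10.10.200.200 255.255.255.255 outside
ssh 10.10.200.200 255.255.255.255 outside
ssh 10.10.200.0 255.255.255.0 outside
"""

if __name__ == "__main__":
    for no, finding, rule in audit(SAMPLE):
        print(f"line {no}: {finding}: {rule}")
```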

3 REPLIES
Silver

Re: help required in configuring telnet

This is the 6.X command sequence, but if you are using 7.X use the commands below to accomplish this...

FireWall# config t

FireWall(config)# crypto key zeroize rsa noconfirm

FireWall(config)# crypto key generate rsa usage-keys noconfirm

FireWall(config)# ssh the_ssh_IP 255.255.255.255 outside

FireWall(config)# ca save all

Pls rate if this helps.

Cheers.

Jay

Community Member

Re: help required in configuring telnet

Hi

You need to use SSH to connect to PIX from outside. Telnet does not work from outside because of security reasons.
