03-30-2004 06:09 PM - edited 02-20-2020 11:19 PM
I have tried as shown below, but failed.
ssh x.x.x.x x.x.x.x outside
ssh timeout 5
My Topology is:
LAN-(inside)PIX(outside)-(ethernet)ROUTER(WAN)--Internet
I want to telnet to PIX(outside) from router(ethernet).
How do I do it? Thanks a lot, everybody.
Waiting for your useful help.
Mailto: jacky_xie@cn.cnlink.net
03-30-2004 06:47 PM
Hi, these are the steps for SSH:
1. Generate RSA key,
> ca generate rsa key
You can use 512, 1024 or 2048 (2048 preferred).
2. Now you'll need to save using:
> ca save all
3. You'll need to configure ssh access on the PIX, so do the following:
> ssh
OR
> ssh 0.0.0.0 0.0.0.0 outside - With this you can connect from any public address.
4. You can view your generated public key on the PIX by issuing:
> sho ca mypubkey rsa
04-03-2004 02:51 AM
I followed your helpful example, but I still cannot telnet to the PIX from the outside interface. My configuration procedure is as shown:
pixfirewall# config t
pixfirewall(config)# ca generate rsa key 512
Please use domain-name to configure Domain name first.
pixfirewall(config)# domain-name pix.com
pixfirewall(config)# ca generate rsa key 512
% Key pair was generated at: 01:36:51 UTC Apr 3 2004
Key name: pixfirewall.cisco.com
Usage: General Purpose Key
Key Data:
305c300d 06092a86 4886f70d 01010105 00034b00 30480241 00ec6c10 8b82cd64
148071f3 76228c13 5d98d156 c1ee555c c6df2f65 38345e12 f2b293c9 db77a780
fa910c77 bcd7d4eb 6bbcd02b 7a529829 e4fb3a09 3e010349 11020301 0001
Remove all keys from the key ring ? [yes]
Keypair generation process begin.
.Success.
pixfirewall(config)# ca save all
pixfirewall(config)#
pixfirewall(config)# ssh 0.0.0.0 0.0.0.0 outside
pixfirewall(config)#
pixfirewall# show run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxx
passwd xxxxx
hostname pixfirewall
domain-name pix.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 192.168.100.1 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:xxxx
: end
pixfirewall#
Is anything else wrong with my configuration?
Thanks a lot !
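As an added example (not part of the original thread and not Cisco code), a small Python check over the management-access lines of the show run output above: it flags ssh/telnet rules that admit a large source range on the lowest-security interface, and the default SNMP community. The function name, the max_hosts threshold and the sample text are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: management-plane lines copied from the "show run" above.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
snmp-server community public
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

MGMT_RULE = re.compile(r"^(ssh|telnet)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")
NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)$")


def audit_mgmt_access(config_text, max_hosts=256):
    """Return (config line, finding) tuples for risky management-access lines."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    # Map interface name -> security level using the nameif lines.
    levels = {m.group(1): int(m.group(2)) for m in map(NAMEIF.match, lines) if m}
    lowest = min(levels.values()) if levels else None
    findings = []
    for line in lines:
        m = MGMT_RULE.match(line)
        if m:
            proto, addr, mask, ifname = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            # An interface with no nameif line is treated as untrusted.
            untrusted = levels.get(ifname, lowest) == lowest
            if proto == "telnet" and untrusted:
                findings.append((line, "telnet rule on lowest-security interface"))
            elif untrusted and net.num_addresses > max_hosts:
                findings.append((line, f"{proto} open to {net} on lowest-security interface"))
        elif line == "snmp-server community public":
            findings.append((line, "default SNMP community string"))
    return findings


if __name__ == "__main__":
    for line, finding in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{finding}: {line}")
```

A rule scoped to a single management host (mask 255.255.255.255) passes the check; only the source range and interface are inspected, not key size or password strength.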
04-05-2004 07:39 PM
Hi,
The config looks fine. Have you tried using "putty" (a telnet program for ssh; it can be found by searching Google)? Try to ssh from putty.
HATO
03-31-2004 10:13 AM
You cannot telnet to PIX(outside).
You need to use ssh, or you may establish a VPN connection to the PIX and then use telnet.
Aleksey
04-15-2004 04:44 AM
Hi,
I usually configure the PIX for CVPN Client access, then allow addresses from the dialup pool to telnet from the inside:
telnet X.X.X.X 255.255.255.255 inside
Then add:
management-access inside
You can then establish a VPN from a client and then telnet to the inside address.
This is probably old news but it might help
Cheers Tony