Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
592
Views
0
Helpful
9
Replies

How to permit Telnet to a PIX

daniel.bowen
Level 1
Level 1

‎10-05-2005 01:31 AM - edited ‎02-21-2020 12:26 AM

Hi There,

I have a PIX515 with an outside interface with address 10.6.10.140 - can somebody tell me what commands I need to enter on the PIX to be able to telnet to its outside interface from the LAN connected to that interface?

Many thanks,

Dan

0 Helpful
9 Replies 9

spremkumar
Level 9
Level 9

‎10-05-2005 04:06 AM

hi

i feel this link will be of some help to u in achieving the required telnet access config..

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v43/pix43cfg/pix43cmd.htm#xtocid58

regds

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to spremkumar

‎10-05-2005 04:21 AM

Might be a better approach to use < ssh > instead of < telnet > at least it is encrypted. With this managment protocol nowbody can intercept your username an d password.

#Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

ssh PublicIP 255.255.255.255 outside

If you do not have allready generated a RSA key then generate one:

hostname PIXFW

domain-name yourdomain.com

ca gen rsa key 1024

ca save all

To remove an old RSA key:

ca zeroize rsa key

#To ssh the public keys:

show ca mypubkey rsa

#Save ssh key:

ca save all

SSH client can but downloaded from:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

sincerely

Patrick

0 Helpful

mehrdad
Level 3
Level 3

‎10-05-2005 04:09 AM

You can't be able to telnet to outside interface, you should use SSH.

ssh ip_address [netmask] [interface_name]

before that do the below commands :

hostname xxxxxxx

domain-name example.com

ca generate rsa key 1024

show ca mypubkey rsa

ca save all

0 Helpful

passmon
Level 1
Level 1
In response to mehrdad

‎10-05-2005 04:26 AM

yes, pix does not allow telnet to outside interface, it allows only ssh. In the inside interface, you can do both telnet and ssh.

0 Helpful

jackko
Level 7
Level 7

‎10-05-2005 04:35 AM

from memory, pix only allow ssh access to the outside interface, not telnet. it is because telnet is not secured as it is in clear text.

to configure ssh,

hostname xxx

domain-name xxx.com

ca generate rsa key 1024

ca save all

ssh outside

you need "ca save all" since the rsa key will not be saved by normal "wri mem" command.

0 Helpful

olsonc0510
Level 1
Level 1
In response to jackko

‎10-10-2005 10:03 AM

I've tried this. I get the message: VPN-DES is not enabled with current activation key. I am trying to get the PIX 525 to communicate with Cicsoworks. So far, only snmp RO is functioning. Due to the network, I do not have a connection to the inside interface. I tried with Telnet but no go, even with access lists. Any help would be appreciated.

Thanks

0 Helpful

pwicks
Level 1
Level 1
In response to olsonc0510

‎10-10-2005 02:05 PM

You can get a 56-bit DES activation key for your Pix by going to the following Cisco site: https://tools.cisco.com/SWIFT/Licensing/RegistrationServlet?FormId=120

Try it again after upgrading.

0 Helpful

jackko
Level 7
Level 7
In response to pwicks

‎10-10-2005 04:48 PM

you may get a new activation key for 3des/aes instead.

http://www.cisco.com/kobayashi/sw-center/ciscosecure/pix.shtml

0 Helpful

prchauha
Cisco Employee
Cisco Employee
In response to jackko

‎10-14-2005 02:34 PM

If all this does'nt work then just send and e-mail to licensing@cisco.com with detailed description of the issue.

Cheers...

Prashant Chauhan.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card