Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to permit Telnet to a PIX

Hi There,

I have a PIX515 with an outside interface with address 10.6.10.140 - can somebody tell me what commands I need to enter on the PIX to be able to telnet to its outside interface from the LAN connected to that interface?

Many thanks,

Dan

9 REPLIES

Re: How to permit Telnet to a PIX

hi

i feel this link will be of some help to u in achieving the required telnet access config..

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v43/pix43cfg/pix43cmd.htm#xtocid58

regds

Re: How to permit Telnet to a PIX

Might be a better approach to use < ssh > instead of < telnet > at least it is encrypted. With this managment protocol nowbody can intercept your username an d password.

#Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

ssh PublicIP 255.255.255.255 outside

If you do not have allready generated a RSA key then generate one:

hostname PIXFW

domain-name yourdomain.com

ca gen rsa key 1024

ca save all

To remove an old RSA key:

ca zeroize rsa key

#To ssh the public keys:

show ca mypubkey rsa

#Save ssh key:

ca save all

SSH client can but downloaded from:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

sincerely

Patrick

Bronze

Re: How to permit Telnet to a PIX

You can't be able to telnet to outside interface, you should use SSH.

ssh ip_address [netmask] [interface_name]

before that do the below commands :

hostname xxxxxxx

domain-name example.com

ca generate rsa key 1024

show ca mypubkey rsa

ca save all

New Member

Re: How to permit Telnet to a PIX

yes, pix does not allow telnet to outside interface, it allows only ssh. In the inside interface, you can do both telnet and ssh.

Gold

Re: How to permit Telnet to a PIX

from memory, pix only allow ssh access to the outside interface, not telnet. it is because telnet is not secured as it is in clear text.

to configure ssh,

hostname xxx

domain-name xxx.com

ca generate rsa key 1024

ca save all

ssh outside

you need "ca save all" since the rsa key will not be saved by normal "wri mem" command.

New Member

Re: How to permit Telnet to a PIX

I've tried this. I get the message: VPN-DES is not enabled with current activation key. I am trying to get the PIX 525 to communicate with Cicsoworks. So far, only snmp RO is functioning. Due to the network, I do not have a connection to the inside interface. I tried with Telnet but no go, even with access lists. Any help would be appreciated.

Thanks

New Member

Re: How to permit Telnet to a PIX

You can get a 56-bit DES activation key for your Pix by going to the following Cisco site: https://tools.cisco.com/SWIFT/Licensing/RegistrationServlet?FormId=120

Try it again after upgrading.

Gold

Re: How to permit Telnet to a PIX

you may get a new activation key for 3des/aes instead.

http://www.cisco.com/kobayashi/sw-center/ciscosecure/pix.shtml

Cisco Employee

Re: How to permit Telnet to a PIX

If all this does'nt work then just send and e-mail to licensing@cisco.com with detailed description of the issue.

Cheers...

Prashant Chauhan.

176
Views
0
Helpful
9
Replies
CreatePlease to create content