
PIX rejecting telnet with IPSEC error

mjsully
Level 1

I have a PIX 515 firewall. I have telnet enabled on the outside interface for a particular host. When I try to telnet from that host, the PIX logs the following: "%PIX-4-402117: IPSEC: Received a non-IPSec packet (protocol= tcp) from 172.16.1.1 to 172.16.1.2"

I have the following line in my config

telnet 172.16.1.1 255.255.255.255 outside

I thought that was all I needed?

4 Replies

rico_hao40
Level 1

I think the PIX only supports SSH on the outside interface.

Try enabling SSH on the outside interface.

#crypto key generate rsa general-keys

But my issue is I am not using SSH, I want to use telnet. But when I try to telnet, it gives that ipsec error.

Pix does not allow telnet to the outside interface. It is a forced security feature.

Matt,

You cannot telnet to the outside interface of the pix.

Couple of options:

1. Telnet to an internal host from outside and then telnet to the inside interface of the pix from that host.

2. You can do SSH to the outside interface of the pix.

3. Telnet to the outside interface, but the traffic has to be part of IPSEC traffic.

In your case, I think SSH would be a good fit since it is simple to configure and provides encryption.

In order to have ssh access you need to have at least VPN-DES enabled on your pix. Please go ahead and do a "sh version" and make sure you have at least VPN-DES enabled.

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

If by chance you don't have at least VPN-DES enabled, please send the complete capture of your sh version to licensing@cisco.com, and request to have it enabled.

CONFIGURATION:

Set a domain name, for example

domain-name cisco.com

Configure a telnet password, which I assume you already do

Pix(config)#passwd xxxx

You need to generate an ssh key. To generate the key you need to type the following lines:

pix(config)#ca generate rsa key 1024

pix(config)#ssh 172.16.1.1 255.255.255.255 outside

pix(config)#ca save all

I use the PuTTY client for SSH and it works fine. You can go to Google and do a search for the software.

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **
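
An added example, not part of any post in this thread: a small Python audit that applies the points made above to a saved PIX configuration and `sh version` output, flagging `telnet ... outside` entries and the SSH steps listed in the last reply. The function names, finding codes and sample inputs are constructed for illustration; only the command and output formats quoted in the thread are assumed.

```python
import re

# Constructed samples modelled on the lines quoted in this thread.
SAMPLE_CONFIG = """\
domain-name cisco.com
telnet 172.16.1.1 255.255.255.255 outside
ssh 172.16.1.1 255.255.255.255 outside
"""
SAMPLE_VERSION = """\
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
Maximum Interfaces: 6
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
MGMT_RE = re.compile(rf"^(telnet|ssh)\s+{IP}\s+{IP}\s+(\S+)$")


def licensed_features(show_version):
    """Map 'Name: Value' lines of 'sh version' output to a dict."""
    feats = {}
    for line in show_version.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            feats[name.strip()] = value.strip()
    return feats


def audit(config, show_version, outside="outside"):
    """Return (code, detail) findings for management access on `outside`."""
    access = {"telnet": set(), "ssh": set()}
    has_domain = False
    for raw in config.splitlines():
        line = raw.strip()
        m = MGMT_RE.match(line)
        if m and m.group(4) == outside:
            access[m.group(1)].add(f"{m.group(2)} {m.group(3)}")
        elif line.startswith("domain-name "):
            has_domain = True
    findings = []
    for host in sorted(access["telnet"]):
        # Plain telnet to this interface is what produced %PIX-4-402117.
        findings.append(("TELNET_OUTSIDE", host))
        if host not in access["ssh"]:
            findings.append(("NO_SSH_FOR_HOST", host))
    if access["telnet"] or access["ssh"]:
        if not has_domain:
            findings.append(("NO_DOMAIN_NAME", ""))
        if licensed_features(show_version).get("VPN-DES") != "Enabled":
            findings.append(("NO_VPN_DES", ""))
    return findings
```

`audit(SAMPLE_CONFIG, SAMPLE_VERSION)` reports only the leftover `telnet` entry on the outside interface, since the matching `ssh` entry, the domain name and the VPN-DES licence are all present in the sample.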
