Cisco Support Community
Community Member

PIX rejecting telnet with IPSEC error

I have a PIX 515 firewall. I have telnet enabled on the outside interface for a particular host. When I try to telnet from that host, the PIX logs the following: "%PIX-4-402117: IPSEC: Received a non-IPSec packet (protocol= tcp) from to"

I have the following line in my config

telnet outside

I thought that was all I needed?

Community Member

Re: PIX rejecting telnet with IPSEC error

I think PIX only support ssh at outside interface.

try enable ssh on outside interface.

#crypto key generate rsa general-keys

Community Member

Re: PIX rejecting telnet with IPSEC error

But my issue is I am not using SSH, I want to use telnet. But when I try to telnet, it gives that ipsec error.

Community Member

Re: PIX rejecting telnet with IPSEC error

Pix does not allow telnet to the outside interface. It is a forced security feature.

Cisco Employee

Re: PIX rejecting telnet with IPSEC error


You cannot telnet to the outside interface of the pix.

Couple of options:

1. Telnet to an internal host from outside and then telnet to the inside interface of the pix from that host.

2. You can do SSH to the outside interface of the pix

3. Telnet to the outside interface but the traffic has to be part of an IPSEC Traffic.

In your case, I think SSH would be good fit since it is simple to configure and provides encryption.

In order to have ssh access you need to have atleast VPN-DES enabled on your pix, please

go ahead and do a ?sh version? and make sure you at least VPN-DES enabled

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

If by chance you don?t have at least VPN-DES enabled, please send the complete capture of

your sh version and send it to, and request to have it enabled.


Set a domain name, for exmaple


Configure a telnet password, which I assume you already do

Pix(config)#passwd xxxx

You need to generate a ssh key, to generate the key you need to type the following


pix(config)#ca generate rsa key 1024

pix(config)#ssh outside

pix(config)#ca save all

I use Putty Client for SSH and works fine. You can go to google and do a search for the software.

Let me know if it helps.



** Please rate all helpful posts **

CreatePlease to create content