Cisco Support Community
New Member

PIX telnet / traceroute

Anybody know why you can't telnet or traceroute from a PIX?

What's up with that?

5 REPLIES
Cisco Employee

Re: PIX telnet / traceroute

It is a security feature of the PIX.

The PIX is a secure firewall with a closed OS.

peter

New Member

Re: PIX telnet / traceroute

How does preventing telnet or traceroute make the firewall more secure?

Is this part of Cisco's claim that the PIX doesn't have a full TCP/IP stack for some reason? I'm not trying to pick a fight here, just wish I could friggin traceroute or telnet to other machines while working on the PIX.

Cisco Employee

Re: PIX telnet / traceroute

Sure - I understand your points. Let's hope a DE will respond to give their viewpoint.

One feature introduced in 6.3 was a management interface command. This command permits pinging or telnetting to the inside interface on the PIX over a VPN tunnel.

I was told by DEs that this was not permitted by design. Enough people asked for the command to modify this default behavior if they understood and accepted the risks.

Maybe the same can be done for traceroute and telnet.

How do others feel? I can submit an enhancement request for the next PIX version and we can see where it goes.

peter

New Member

Re: PIX telnet / traceroute

Please do submit an enhancement request. I like how the default on PIX is always "No" (keeps me from shooting myself in the foot), but I'd like to be able to choose to enable other features at my own risk. For example, I like how you can't telnet to the outside interface by default, but I'd like to be able to choose to enable this feature if I want. I'm a big boy, I know the risks.

If I could turn on telnet or traceroute for testing and troubleshooting, I can always turn it back off when I'm done.

Cisco Employee

Re: PIX telnet / traceroute

I have submitted an enhancement request to add the telnet and traceroute commands for the PIX Developers to consider.

Let's see what happens in the upcoming major releases.

peter
