03-01-2006 05:10 PM - edited 02-21-2020 12:44 AM
pls. help, i can ping my outside interface, how come i cannot telnet it, im just a novice, what command i need to add for my PIX firewall? thanks...
Solved! Go to Solution.
03-01-2006 05:25 PM
Howdy,
Enter in the following command to enable that:
telnet
The source network is the IP network from where you are telnetting in...
Hope that helps - pls rate the post if it does.
Paresh
03-01-2006 05:25 PM
Howdy,
Enter in the following command to enable that:
telnet
The source network is the IP network from where you are telnetting in...
Hope that helps - pls rate the post if it does.
Paresh
03-01-2006 08:07 PM
The PIX does not allow telnet on the outside interface, for security reason, just on the inside interface.
Use SSH which is encrypted instead.
Generate a key:
hostname cisco-pix
domain-name example.com
ca generate rsa key 1024
show ca mypubkey rsa
Save ssh key:
ca save all
Allow incomming ssh connections:
ssh ip_address [netmask] [interface_name]
sincerely
Patrick
03-01-2006 10:50 PM
hi patrick, i followed the instruction, however, when i command ca save all PIX does not accept it, instead i command ca save, is this the same? I used the command ssh 192.168.101.242(my ip address) 255.255.255.192 outside, but still i cannot telnet. Will I need to put a valid domain name? thanks a lot
03-01-2006 09:40 PM
thanks paresh
03-01-2006 09:47 PM
Can you advise if that worked ? Patrick is suggesting that this is not supported and now I also do remember reading that somewhere....So I was thinking that he was right about that.
Paresh.
03-01-2006 10:11 PM
Hi paresh, i followed your instruction. I added the command "telnet 192.168.101.192 255.255.255.192 outside", since this is my network id. My ip addr. is 192.168.101.242 255.255.255.192 and i can ping the outside interface, howcome still i cannot telnet.
I also try to put "telnet 192.168.101.242 255.255.255.192 outside but still i cannot telnet. why?
03-01-2006 10:32 PM
Hey Mate,
I went back and researched this a bit more and you do have to use SSH .. telnet will not work from the outside network.
I suggest that you implement Patrick's config to enable SSH.
Paresh
03-02-2006 12:41 AM
Hi
I have read all the comments below
also the file wat u have attached does not show the version..
Uplad the show version output.. to see if ur PIX supports DES.....?
for ssh to work from outside u also require DES...
Regards
Mayur
03-02-2006 03:46 AM
hi there u have to have domain-name with des license to work for ssh. telnet is not allowed on the outside unless it;s ipsec protected. if u have a site which is connectedt to pix. then run ipsec betwwen that site and pix . then u can telnet to the pix from the outside or ssh is the only last option. if u have any more queries abt this. reply back . see ya i hope this helps out to u
sebastan
03-02-2006 05:46 AM
The PIX should at least allow DES that is needed for SSH. Have you tryed to connect with an ssh client ?
ssh TCP/22
username = pix
or create a user on the pix:
username youruseranme password yourpassword priv 15
Free SSH client:
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
SSH config guide:
Using SSH for Remote System Management:
sincerely
Patrick
03-05-2006 06:12 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide