Solved: Re: PIX_telnet

revilo3246 · ‎03-01-2006

pls. help, i can ping my outside interface, how come i cannot telnet it, im just a novice, what command i need to add for my PIX firewall? thanks...

pkhatri · ‎03-01-2006

Howdy,

Enter in the following command to enable that:

telnet outside

The source network is the IP network from where you are telnetting in...

Hope that helps - pls rate the post if it does.

Paresh

View solution in original post

pkhatri · ‎03-01-2006

Howdy,

Enter in the following command to enable that:

telnet outside

The source network is the IP network from where you are telnetting in...

Hope that helps - pls rate the post if it does.

Paresh

Patrick Iseli · ‎03-01-2006

The PIX does not allow telnet on the outside interface, for security reason, just on the inside interface.

Use SSH which is encrypted instead.

Generate a key:

hostname cisco-pix

domain-name example.com

ca generate rsa key 1024

show ca mypubkey rsa

Save ssh key:

ca save all

Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

sincerely

Patrick

revilo3246 · ‎03-01-2006

hi patrick, i followed the instruction, however, when i command ca save all PIX does not accept it, instead i command ca save, is this the same? I used the command ssh 192.168.101.242(my ip address) 255.255.255.192 outside, but still i cannot telnet. Will I need to put a valid domain name? thanks a lot

revilo3246 · ‎03-01-2006

thanks paresh

pkhatri · ‎03-01-2006

Can you advise if that worked ? Patrick is suggesting that this is not supported and now I also do remember reading that somewhere....So I was thinking that he was right about that.

Paresh.

revilo3246 · ‎03-01-2006

Hi paresh, i followed your instruction. I added the command "telnet 192.168.101.192 255.255.255.192 outside", since this is my network id. My ip addr. is 192.168.101.242 255.255.255.192 and i can ping the outside interface, howcome still i cannot telnet.

I also try to put "telnet 192.168.101.242 255.255.255.192 outside but still i cannot telnet. why?

pkhatri · ‎03-01-2006

Hey Mate,

I went back and researched this a bit more and you do have to use SSH .. telnet will not work from the outside network.

I suggest that you implement Patrick's config to enable SSH.

Paresh

galamayur · ‎03-02-2006

Hi

I have read all the comments below

also the file wat u have attached does not show the version..

Uplad the show version output.. to see if ur PIX supports DES.....?

for ssh to work from outside u also require DES...

Regards

Mayur

sebastan_bach · ‎03-02-2006

hi there u have to have domain-name with des license to work for ssh. telnet is not allowed on the outside unless it;s ipsec protected. if u have a site which is connectedt to pix. then run ipsec betwwen that site and pix . then u can telnet to the pix from the outside or ssh is the only last option. if u have any more queries abt this. reply back . see ya i hope this helps out to u

sebastan

Patrick Iseli · ‎03-02-2006

The PIX should at least allow DES that is needed for SSH. Have you tryed to connect with an ssh client ?

ssh TCP/22

username = pix

or create a user on the pix:

username youruseranme password yourpassword priv 15

Free SSH client:

http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

SSH config guide:

Using SSH for Remote System Management:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172797.html#wp1034079

sincerely

Patrick

revilo3246 · ‎03-05-2006

Hi, pls. find attached file of the complete information about my PIX config.