Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX_telnet

pls. help, i can ping my outside interface, how come i cannot telnet it, im just a novice, what command i need to add for my PIX firewall? thanks...

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: PIX_telnet

Howdy,

Enter in the following command to enable that:

telnet outside

The source network is the IP network from where you are telnetting in...

Hope that helps - pls rate the post if it does.

Paresh

11 REPLIES
Purple

Re: PIX_telnet

Howdy,

Enter in the following command to enable that:

telnet outside

The source network is the IP network from where you are telnetting in...

Hope that helps - pls rate the post if it does.

Paresh

Re: PIX_telnet

The PIX does not allow telnet on the outside interface, for security reason, just on the inside interface.

Use SSH which is encrypted instead.

Generate a key:

hostname cisco-pix

domain-name example.com

ca generate rsa key 1024

show ca mypubkey rsa

Save ssh key:

ca save all

Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

sincerely

Patrick

New Member

Re: PIX_telnet

hi patrick, i followed the instruction, however, when i command ca save all PIX does not accept it, instead i command ca save, is this the same? I used the command ssh 192.168.101.242(my ip address) 255.255.255.192 outside, but still i cannot telnet. Will I need to put a valid domain name? thanks a lot

New Member

Re: PIX_telnet

thanks paresh

Purple

Re: PIX_telnet

Can you advise if that worked ? Patrick is suggesting that this is not supported and now I also do remember reading that somewhere....So I was thinking that he was right about that.

Paresh.

New Member

Re: PIX_telnet

Hi paresh, i followed your instruction. I added the command "telnet 192.168.101.192 255.255.255.192 outside", since this is my network id. My ip addr. is 192.168.101.242 255.255.255.192 and i can ping the outside interface, howcome still i cannot telnet.

I also try to put "telnet 192.168.101.242 255.255.255.192 outside but still i cannot telnet. why?

Purple

Re: PIX_telnet

Hey Mate,

I went back and researched this a bit more and you do have to use SSH .. telnet will not work from the outside network.

I suggest that you implement Patrick's config to enable SSH.

Paresh

New Member

Re: PIX_telnet

Hi

I have read all the comments below

also the file wat u have attached does not show the version..

Uplad the show version output.. to see if ur PIX supports DES.....?

for ssh to work from outside u also require DES...

Regards

Mayur

New Member

Re: PIX_telnet

hi there u have to have domain-name with des license to work for ssh. telnet is not allowed on the outside unless it;s ipsec protected. if u have a site which is connectedt to pix. then run ipsec betwwen that site and pix . then u can telnet to the pix from the outside or ssh is the only last option. if u have any more queries abt this. reply back . see ya i hope this helps out to u

sebastan

Re: PIX_telnet

The PIX should at least allow DES that is needed for SSH. Have you tryed to connect with an ssh client ?

ssh TCP/22

username = pix

or create a user on the pix:

username youruseranme password yourpassword priv 15

Free SSH client:

http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

SSH config guide:

Using SSH for Remote System Management:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172797.html#wp1034079

sincerely

Patrick

New Member

Re: PIX_telnet

Hi, pls. find attached file of the complete information about my PIX config.

199
Views
4
Helpful
11
Replies