Cisco Support Community
Community Member

Telnet access within security context

We have enebaled telnet access on a security context and recive a telnet connection but no prompt. Is there anything special you need to do on a context to get telent working on a context. The device I am using to telnet from is a device within the same context network and both the firewall and host can ping the address I want to telnet to. Here is the telnet config we are using on the context.

telnet ##.##.##.## TEST

telnet timeout 5

passwd ########


Re: Telnet access within security context

You need a < passwd > and the < enable password > and the < telnet > command to allow telnet management connections.

BUT ....

Telnet access is just working on a security level higher than 0. This means that it will not work from the outside interface. The PIX does not allow that, of course it would be unsecure to use a that protocol which is not encrypted.

Might be better to use ssh to do that !


Generate a key:

hostname cisco-pix


ca generate rsa key 1024

show ca mypubkey rsa

Save ssh key:

ca save all

Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]




Community Member

Re: Telnet access within security context

We have enabled all the normal telnet configuration that you would use on non context cisco devices. However when we open a telnet session to a context to manage it, the telnet session connects and opens but nothing happens there is no propmt like normal. All enable and telnet passwords have been configured. Telnet has been enabled on the correct context interface. Do you need to do anything on the system configuration as well? Also is there any information on managing individual contexts via SNMP?

Re: Telnet access within security context

The FWSM allows Telnet connections to the FWSM for management purposes. You cannot use Telnet to the lowest security interface unless you use Telnet inside an IPSec tunnel.

You need a minimal config on the admin context with basic IP settings for at least one interface and a default route.

Might also be a good idea to check the state of the interfaces/vlans in the system context.

No have not used SNMP to manage the FWSM.

Take a look in the docs:



CreatePlease to create content