Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
4
Replies

Telnet to a PIX console from the outside

gbloise
Level 1
Level 1

‎12-05-2003 02:04 PM - edited ‎02-20-2020 11:08 PM

I am trying to remotely manage a PIX from a network in the Internet. According to Cisco, I can achieve this by IPSec and this is where I get confused. My idea is to create a user-to-site IPSec tunnel between my laptop to the PIX, get an IP address from inside and then telnet the PIX inside interface's IP address.

Is this the solution, or am I completely mistaken? If the latter, what would be the correct way to do it?

Thanks

0 Helpful
4 Replies 4

dancho
Level 1
Level 1

‎12-05-2003 04:50 PM

In the beginning,

the command to use telnet on PIX is:

pixfirewall(config)#telnet local_ip [network]

if you see I wrote local_ip, for two main reasons:

1)only localhosts can access it

2)the reason that there is no external access is , beacause if can't block its own connections why it's firewall ?

The solution you choose is too complex.

You can do the easiest one.You initied session with local server and configure it to redirect it to PIX.

You can use your own software, or standart OS RMTAC functions.

Peacefully,

Dancho

0 Helpful

bizsnatch
Level 1
Level 1
In response to dancho

‎12-05-2003 05:22 PM

Can you not use SSH on the outside interface?

instead of

pix(config)# telnet 12.12.12.12 255.255.255.255

Use

pix(config)# ssh 12.12.12.12 255.255.255.255 outside

0 Helpful

thiland
Level 3
Level 3
In response to bizsnatch

‎12-09-2003 11:47 PM

Just for completeness... to setup SSH (assuming your PIX OS supports it) do the following:

Configure hostname:

pix(config)#hostname PIX-01

Configure domain-name:

PIX-01(config)#domain-name domain.com

Generate RSA keys:

PIX-01(config)#ca gen rsa key 1024

Save your keys to NVRAM:

PIX-01(config)#ca save all

Allow outside access:

PIX-01(config)#ssh 1.1.1.1 255.255.255.255 outside

Done.

0 Helpful

sguerrero
Level 1
Level 1

‎12-23-2003 03:54 PM

Another solution is to enable DES, and open an SSH conection. You can connect with a public address from outside this way. Your solution is also OK, but I still recomend SSH connections instead of using telnet. you should need version 6 or greater to enable SSH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card