Cisco Support Community

New Member

Telnet to a PIX console from the outside

I am trying to remotely manage a PIX from a network on the Internet. According to Cisco, I can achieve this with IPSec, and this is where I get confused. My idea is to create a user-to-site IPSec tunnel between my laptop and the PIX, get an IP address from inside and then telnet to the PIX inside interface's IP address.

Is this the solution, or am I completely mistaken? If the latter, what would be the correct way to do it?

Thanks

4 REPLIES
New Member

Re: Telnet to a PIX console from the outside

In the beginning,

the command to use telnet on PIX is:

pixfirewall(config)#telnet local_ip [network]

As you can see, I wrote local_ip, for two main reasons:

1) Only local hosts can access it.

2) The reason there is no external access is that if it can't block its own connections, why is it a firewall?

The solution you chose is too complex.

You can do the easiest one. You initiate a session with a local server and configure it to redirect it to the PIX.

You can use your own software, or standard OS RMTAC functions.

Peacefully,

Dancho

New Member

Re: Telnet to a PIX console from the outside

Can you not use SSH on the outside interface?

instead of

pix(config)# telnet 12.12.12.12 255.255.255.255

Use

pix(config)# ssh 12.12.12.12 255.255.255.255 outside

Bronze

Re: Telnet to a PIX console from the outside

Just for completeness... to set up SSH (assuming your PIX OS supports it) do the following:

Configure hostname:

pix(config)#hostname PIX-01

Configure domain-name:

PIX-01(config)#domain-name domain.com

Generate RSA keys:

PIX-01(config)#ca gen rsa key 1024

Save your keys to NVRAM:

PIX-01(config)#ca save all

Allow outside access:

PIX-01(config)#ssh 1.1.1.1 255.255.255.255 outside

Done.

New Member

Re: Telnet to a PIX console from the outside

Another solution is to enable DES, and open an SSH connection. You can connect with a public address from outside this way. Your solution is also OK, but I still recommend SSH connections instead of using telnet. You should need version 6 or greater to enable SSH.
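
An added example, not part of the thread or any poster's code: a small Python check that reads the management-access statements discussed in the replies (`telnet ...`, `ssh ... outside`, `hostname`, `domain-name`) from a saved configuration and reports telnet permitted on the outside interface, SSH source ranges wider than a single host, and SSH permitted without the hostname and domain-name that the setup steps above configure first. The sample configuration and finding codes are constructed; treating an omitted mask as a single host and an omitted interface name as inside is an assumption.

```python
import ipaddress

# Constructed sample configuration; addresses are documentation ranges.
SAMPLE_CONFIG = """\
hostname PIX-01
domain-name domain.com
telnet 192.168.1.0 255.255.255.0 inside
telnet 203.0.113.0 255.255.255.0 outside
ssh 198.51.100.10 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
"""


def audit_mgmt_access(config, max_hosts=1):
    """Return (code, detail) findings for telnet/ssh permit statements."""
    findings = []
    rows = [line.split() for line in config.splitlines() if line.strip()]
    seen = {tokens[0] for tokens in rows}
    ssh_permitted = False
    for tokens in rows:
        if tokens[0] not in ("telnet", "ssh") or len(tokens) < 2:
            continue
        # Assumption: an omitted mask means a single host, an omitted
        # interface name means an inside interface.
        mask = tokens[2] if len(tokens) > 2 else "255.255.255.255"
        iface = tokens[3] if len(tokens) > 3 else "inside"
        try:
            net = ipaddress.ip_network(f"{tokens[1]}/{mask}", strict=False)
        except ValueError:
            continue  # not a permit statement (for example a timeout setting)
        line = " ".join(tokens)
        if tokens[0] == "telnet" and iface == "outside":
            findings.append(("telnet-outside", line))
        if tokens[0] == "ssh":
            ssh_permitted = True
            if net.num_addresses > max_hosts:
                findings.append(("ssh-broad-source", line))
    # The SSH setup in the thread sets hostname and domain-name before key generation.
    if ssh_permitted:
        for prereq in ("hostname", "domain-name"):
            if prereq not in seen:
                findings.append(("ssh-missing-prereq", prereq))
    return findings


if __name__ == "__main__":
    for code, detail in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

Raise `max_hosts` if a small management subnet, rather than a single host, is the intended SSH source.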
