Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Telnet to a PIX console from the outside

I am trying to remotely manage a PIX from a network in the Internet. According to Cisco, I can achieve this by IPSec and this is where I get confused. My idea is to create a user-to-site IPSec tunnel between my laptop to the PIX, get an IP address from inside and then telnet the PIX inside interface's IP address.

Is this the solution, or am I completely mistaken? If the latter, what would be the correct way to do it?


New Member

Re: Telnet to a PIX console from the outside

In the beginning,

the command to use telnet on PIX is:

pixfirewall(config)#telnet local_ip [network]

if you see I wrote local_ip, for two main reasons:

1)only localhosts can access it

2)the reason that there is no external access is , beacause if can't block its own connections why it's firewall ?

The solution you choose is too complex.

You can do the easiest one.You initied session with local server and configure it to redirect it to PIX.

You can use your own software, or standart OS RMTAC functions.



New Member

Re: Telnet to a PIX console from the outside

Can you not use SSH on the outside interface?

instead of

pix(config)# telnet


pix(config)# ssh outside


Re: Telnet to a PIX console from the outside

Just for completeness... to setup SSH (assuming your PIX OS supports it) do the following:

Configure hostname:

pix(config)#hostname PIX-01

Configure domain-name:


Generate RSA keys:

PIX-01(config)#ca gen rsa key 1024

Save your keys to NVRAM:

PIX-01(config)#ca save all

Allow outside access:

PIX-01(config)#ssh outside


New Member

Re: Telnet to a PIX console from the outside

Another solution is to enable DES, and open an SSH conection. You can connect with a public address from outside this way. Your solution is also OK, but I still recomend SSH connections instead of using telnet. you should need version 6 or greater to enable SSH