Asa 5510 and telnet

Hi,

We have a problem doing telnet to the inside and outside interfaces. When we try, we receive this message. We have permit any any on both interfaces but we can't telnet.

Does somebody know what we have to do to solve it?

The ASA version is 8.2.5, model 5510.

thanks.

%ASA-4-402117: IPSEC: Received a non-IPsec (protocol) packet from remote_IP to local_IP.


Accepted Solutions

Asa 5510 and telnet

Hi Bro

You cannot telnet to an outside interface that has security-level 0. You can only ssh to an outside interface with security-level 0. In general, if an interface has a security level of 0 or lower than any other interface, then the PIX/ASA does not allow telnet to that interface.

However, if you’re still adamant that you’d like to telnet to the outside interface, then this can be achieved, but the steps are too many and too much of a hassle. In order to enable a Telnet session to the outside interface, configure IPsec on the outside interface to include IP traffic that is generated by the Cisco FW and enable Telnet on the outside interface.

It is not recommended to access the security appliance through a Telnet session. The authentication credential information, such as the password, is sent as clear text. The Telnet server and client communication happens only in clear text. Cisco recommends using SSH for more secure data communication.

For further details on this, please do refer to this URL http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml

domain-name cisco.com

ssh version 2

crypto key generate rsa modulus 768

ssh 202.188.5.0 255.255.255.0 outside

telnet 192.168.10.13 255.255.255.255 inside

P/S: If you do find this comment useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
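
An added example, not part of the original post and not Cisco's code: a small Python check that applies the rules stated in the answer above (no Telnet to the lowest security-level interface, Telnet is clear text) to an ASA configuration. The sample configuration is constructed from the commands quoted in this thread, and the finding names and the 2048-bit RSA threshold are assumptions of this example.

```python
import re

MIN_RSA_BITS = 2048  # assumption: review threshold chosen for this example

# Constructed sample config, modelled on the commands quoted in this thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 100
ssh version 2
crypto key generate rsa modulus 768
ssh 202.188.5.0 255.255.255.0 outside
telnet 10.161.0.0 255.255.0.0 outside
telnet 192.168.10.13 255.255.255.255 inside
telnet timeout 5
"""

# <proto> <host|name> <mask> <interface>; skips "telnet timeout", "ssh version"
MGMT_RE = re.compile(r"^(telnet|ssh)\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\S+)$")
RSA_RE = re.compile(r"^crypto key generate rsa .*\bmodulus\s+(\d+)")


def audit(config):
    """Return a list of (finding, detail) tuples for management-access lines."""
    levels, nameif, mgmt, findings = {}, None, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, name not yet known
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level ") and nameif:
            levels[nameif] = int(line.split()[1])
        elif (m := MGMT_RE.match(line)):
            mgmt.append(m.groups())
        elif (m := RSA_RE.match(line)) and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(("weak-rsa-key", m.group(1)))
    lowest = min(levels.values(), default=None)
    for ifname in (entry[3] for entry in mgmt if entry[0] == "telnet"):
        if ifname in levels and levels[ifname] == lowest:
            # Per the answer above: refused unless the session is inside IPsec.
            findings.append(("telnet-on-lowest-level", ifname))
        else:
            # Accepted by the appliance, but credentials travel in clear text.
            findings.append(("telnet-cleartext", ifname))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the 768-bit key, the Telnet line bound to `outside`, and the clear-text Telnet line on `inside`.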
12 REPLIES
New Member

Asa 5510 and telnet

hi,

add these lines:

telnet inside

telnet outside

regards

V

New Member

Asa 5510 and telnet

please attach your config

Asa 5510 and telnet

Hi,

Thanks for your quick answer.

But we have the same issue.

We wrote the command telnet 192.168.0.0 255.255.0.0 outside

Attached please find a picture.

If you need more config, please let us know.

Thanks.

New Member

Asa 5510 and telnet

I see in the picture another subnet in the telnet access: 10.161.0.0/16, not 192.168.0.0 255.255.0.0

Asa 5510 and telnet

Sorry, it is a mistake; the correct one is

telnet 10.161.0.0 255.255.0.0 outside

New Member

Asa 5510 and telnet

What is the IP address of RDP-FJD?

New Member

Asa 5510 and telnet

Second:

Do you have a user or group enabled for telnet?

Example:

aaa authentication telnet LOCAL

Asa 5510 and telnet

RDP-FJD is 10.161.1.71

We don't have a group. We tried to enter the statement that you told us, but it doesn't run...

thanks

New Member

Re: Asa 5510 and telnet

Well,

you cannot configure telnet on the outside interface or the lowest interface; use ssh

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#telnet

Note: You can enable Telnet to the security appliance on all interfaces. However, the security appliance enforces that all Telnet traffic to the outside interface be protected by IPsec. In order to enable a Telnet session to the outside interface, configure IPsec on the outside interface to include IP traffic that is generated by the security appliance and enable Telnet on the outside interface.

Note: In general, if any interface that has a security level of 0 or lower than any other interface, then PIX/ASA does not allow Telnet to that interface.

Regards

Asa 5510 and telnet

We'll try to do as you tell us.

Thanks!!!.

Regards.

Asa 5510 and telnet

Hi,

I tested this configuration and it works.

interface Ethernet0/1.82

vlan 82

nameif transito-asa-cpe

security-level 50

ip address 192.168.0.1 255.255.255.252

domain-name cisco.com

ssh version 2

crypto key generate rsa modulus 768

ssh Lan-FJD 255.255.0.0 outside

telnet 192.168.0.0 255.255.255.252 transito-asa-cpe

Thank you very much for your help.

Cheers.
