Cisco Support Community
Community Member

help required in configuring telnet

Hi,

We have two PIX 515E firewalls working in HA mode.

I wanted to configure telnet access to firewalls from outside interface.

PIX version is 6.3(5)

I kept PC outside to outside interfaces.

PIX outside IP is 10.10.200.3, inside IP is 10.10.202.5 corresponding virtual IPs are 10.10.200.2 and 10.10.202.7

I have tried following configurations:

pix(config)#telnet 0 0 inside

pix(config)#telnet 0 0 outside

pix(config)#telnet 10.10.200.0 255.255.255.0 outside

pix(config)#telnet 10.10.202.0 255.255.255.0 inside

pix(config)#telnet 10.10.200.200 255.255.255.255 outside

I am able to telnet from internal interface side using inside ip address.

But from outside test pc with IP 10.10.200.200 I am not able to telnet to PIX.

I enabled logging console 5.

when I tried to telnet to outside virtual IP it is not showing any traffic to firewall.

If I try to outside interface I am able to see the traffic like

packets received from source 10.10.200.200 to 10.10.200.3

any help in this configuration. I wanted to telnet firewall from test pc.

Regards

SKRAO

4 REPLIES
Community Member

Re: help required in configuring telnet

Hi,

you are trying to defeat the very purpose of the firewall by trying to telnet from the outside

!!from the pix outside interface you cannot telnet in !!,

you can telnet through by creating access lists and statics

TRY ssh instead from the outside interface

Community Member

Re: help required in configuring telnet

Hi Raj,

I wanted to access PIX from outside world through outside interface. Can you send me the configuration required for this using access-lists and statics.

Regards

SKRAO

Community Member

Re: help required in configuring telnet

Hi,

What my suggestion is you can telnet through the pix, not to the pix

try ssh it is much easier.

one more thing where are you located

i searched for the wipro data base with your name could not locate u.

I am a security engineer in wipro and would definitely like to know where u have a box available as a test box

Cisco Employee

Re: help required in configuring telnet

SKRAO,

You cannot telnet to the outside interface of the pix.

Couple of options:

1. Telnet to an internal host from outside and then telnet to the inside interface of the pix from that host.

2. You can do SSH to the outside interface of the pix

3. Telnet to the outside interface but the traffic has to be part of an IPSEC Traffic.

In your case, I think SSH would be good fit since it is simple to configure and provides encryption.

In order to have ssh access you need to have at least VPN-DES enabled on your pix, please go ahead and do a "sh version" and make sure you have at least VPN-DES enabled

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

If by chance you don't have at least VPN-DES enabled, please send the complete capture of your sh version and send it to licensing@cisco.com, and request to have it enabled.

CONFIGURATION:

Set a domain name, for example

domain-name cisco.com

Configure a telnet password, which I assume you already do

Pix(config)#passwd xxxx

You need to generate a ssh key, to generate the key you need to type the following lines:

pix(config)#ca generate rsa key 1024

pix(config)#ssh 10.10.200.0 255.255.255.0 outside

pix(config)#ca save all

I use Putty Client for SSH and works fine. You can go to google and do a search for the software.

Let me know if it helps.

Regards,

Arul
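
The checks discussed in this thread, as an added example that is not part of the original posts or any Cisco tool: a small Python audit that reads PIX 6.3-style `telnet`/`ssh` permit lines and the `sh version` feature list, then flags telnet permitted on the outside interface, any-source management entries on outside, and SSH configured without a VPN-DES/3DES license. The sample input is constructed from the commands quoted above, the finding codes are hypothetical names, and the interface names are assumed to be the defaults `inside`/`outside`.

```python
import ipaddress
import re

# Constructed sample input: the telnet/ssh lines quoted in the thread plus a
# timeout line, and a trimmed "sh version" feature list. Interface names are
# assumed to be the defaults ("inside"/"outside").
SAMPLE_CONFIG = """\
telnet 0 0 inside
telnet 0 0 outside
telnet 10.10.202.0 255.255.255.0 inside
telnet 10.10.200.200 255.255.255.255 outside
telnet timeout 5
ssh 10.10.200.0 255.255.255.0 outside
"""
SAMPLE_VERSION = "Licensed Features:\nFailover: Enabled\nVPN-DES: Enabled\n"

# Matches "<telnet|ssh> <ip> <mask> <interface>"; "telnet timeout 5" has too few fields.
MGMT_RE = re.compile(r"^(telnet|ssh)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_mgmt(config):
    """Return (protocol, source network, interface) for each management permit line."""
    entries = []
    for line in config.splitlines():
        m = MGMT_RE.match(line.strip())
        if not m:
            continue
        proto, ip, mask, ifname = m.groups()
        # "0 0" is the PIX shorthand for 0.0.0.0 0.0.0.0 (any source).
        ip, mask = ("0.0.0.0" if v == "0" else v for v in (ip, mask))
        entries.append((proto, ipaddress.ip_network(f"{ip}/{mask}", strict=False), ifname))
    return entries

def audit(config, version_text):
    """Return (code, detail) findings for the management-access configuration."""
    findings = []
    entries = parse_mgmt(config)
    for proto, net, ifname in entries:
        if proto == "telnet" and ifname == "outside":
            # Per the thread: telnet to the outside interface only works inside IPsec.
            findings.append(("TELNET_OUTSIDE", str(net)))
        if ifname == "outside" and net.prefixlen == 0:
            findings.append(("ANY_SOURCE_OUTSIDE", f"{proto} {net}"))
    licensed = re.search(r"^VPN-(DES|3DES-AES):\s*Enabled", version_text, re.M)
    if any(p == "ssh" for p, _, _ in entries) and not licensed:
        findings.append(("SSH_WITHOUT_DES_LICENSE", "sh version shows no VPN-DES/3DES"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG, SAMPLE_VERSION):
        print(code, detail)
```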
