access-list 111 permit tcp any host 22.214.171.124 eq telnet
access-list 111 permit tcp any host 126.96.36.199 eq 3389
aaa authentication include telnet inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 LOCAL
aaa authentication include tcp/3389 inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 LOCAL
virtual telnet 188.8.131.52
username cisco password cisco123
With the sample above, the remote user was attempting to establish a terminal session to the server behind the PIX with private IP 192.168.1.101. First, the remote user will issue "telnet 184.108.40.206" from the PC. The PIX will then prompt for the username and password, which are cisco and cisco123. After authenticating, the remote user can close the command prompt and kick off the terminal session destined for 220.127.116.11, i.e. the public IP of the server 192.168.1.101. Further, 192.168.1.100 is an invisible host that shouldn't be used by any host; it should be reserved for the virtual telnet.
Another thing is that with v7, you can actually configure WebVPN, which is clientless as well. In fact, this is much more secure than virtual telnet. For more details on WebVPN:
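A consistency check for the virtual telnet configuration at the top of this post, as an added example that is not part of the original post and not Cisco code: it verifies that the virtual telnet address is reachable for telnet, that every permitted service has an `aaa authentication include` rule, and that the virtual address is reserved for telnet only. The function names, the simplified parsing (only the command forms shown above) and the 203.0.113.x addresses are assumptions made for the example.

```python
import re

NAMED_PORTS = {"telnet": 23}  # only the port name used in this sample

def port_of(token):
    """Map 'telnet', '3389' or 'tcp/3389' to a port number."""
    name = token.split("/")[-1]
    return NAMED_PORTS.get(name) or int(name)

def audit_cut_through(config):
    """Return findings for a virtual telnet setup (simplified parsing)."""
    permits, aaa_ports, virtual_ip = set(), set(), None
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        acl = re.match(r"access-list \S+ permit tcp any host (\S+) eq (\S+)", line)
        if acl:
            permits.add((acl.group(1), port_of(acl.group(2))))
        elif words[:3] == ["aaa", "authentication", "include"] and len(words) > 3:
            aaa_ports.add(port_of(words[3]))
        elif words[:2] == ["virtual", "telnet"] and len(words) > 2:
            virtual_ip = words[2]
    findings = []
    if virtual_ip is None:
        findings.append("no virtual telnet address defined")
    elif (virtual_ip, 23) not in permits:
        findings.append(f"no ACL permit for telnet to virtual address {virtual_ip}")
    for ip, port in sorted(permits):
        if port not in aaa_ports:
            findings.append(f"{ip}:{port} is permitted without an aaa authentication rule")
        if ip == virtual_ip and port != 23:
            findings.append(f"virtual address {ip} is also exposed on port {port}")
    return findings

# Constructed configs; 203.0.113.x are documentation addresses, not from the page.
AAA = "aaa authentication include {} inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 LOCAL"
GOOD = "\n".join([
    "access-list 111 permit tcp any host 203.0.113.10 eq telnet",
    "access-list 111 permit tcp any host 203.0.113.20 eq 3389",
    AAA.format("telnet"), AAA.format("tcp/3389"),
    "virtual telnet 203.0.113.10",
])
BAD = "\n".join([
    "access-list 111 permit tcp any host 203.0.113.99 eq telnet",
    "access-list 111 permit tcp any host 203.0.113.20 eq 3389",
    AAA.format("telnet"),
    "virtual telnet 203.0.113.10",
])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_cut_through(cfg) or "consistent")
```

The BAD sample shows the two failure modes that matter here: the user can never reach the authentication prompt, and the terminal service is open to anyone without the pre-authentication step.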