telnet access to a ASA5510

srosenthal · ‎09-28-2007

I have an ASA 5510 that is position between an inside router and outside router. I can access the ASA with ASDM remotely with no problem. I cannot however access the ASA via telnet. I have the outside routers address listed as a host for telnet into the ASA.

When I try to telnet from the outside router I get connected but never get any response.

What I am trying to accomplish is to be able to telnet to the outside router, then the ASA and then on into the inside network.

Also, I thought there was a way to map an outside address to map me right to the inside router. Under the PIX, I thought that was a conduit.

Any help would be appreciated.

thomasdzubin · ‎09-28-2007

I ran into the same problem at one of my sites where my "outside" router was an old 1710 router which just had the IP BASE license and it didn't have any encryption features and thus no SSH. After an hour of investigating, I found that you CANNOT use Telnet on any PIX or ASA firewall OUTSIDE interface unless it is via an IPSEC tunnel. So unfortunately, the answer to your question is: NO, you cannot use Telnet to access the ASA via an outside interface and there is no way around it and no fix is available because it is designed that way. Sorry.

This restriction is mentioned in various Cisco docs, but it isn't obvious, here's one reference that mentions it:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#telnet

srosenthal · ‎09-28-2007

Ok, I can understand that.

The router I am using is a 3845 running spservices. Any info on how to set it up for an IPsec tunnel to the firewall?

Seth