10-05-2005 01:31 AM - edited 02-21-2020 12:26 AM
Hi There,
I have a PIX515 with an outside interface with address 10.6.10.140 - can somebody tell me what commands I need to enter on the PIX to be able to telnet to its outside interface from the LAN connected to that interface?
Many thanks,
Dan
10-05-2005 04:06 AM
hi
i feel this link will be of some help to u in achieving the required telnet access config..
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v43/pix43cfg/pix43cmd.htm#xtocid58
regds
10-05-2005 04:21 AM
Might be a better approach to use < ssh > instead of < telnet > at least it is encrypted. With this managment protocol nowbody can intercept your username an d password.
#Allow incomming ssh connections:
ssh ip_address [netmask] [interface_name]
ssh PublicIP 255.255.255.255 outside
If you do not have allready generated a RSA key then generate one:
hostname PIXFW
domain-name yourdomain.com
ca gen rsa key 1024
ca save all
To remove an old RSA key:
ca zeroize rsa key
#To ssh the public keys:
show ca mypubkey rsa
#Save ssh key:
ca save all
SSH client can but downloaded from:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
sincerely
Patrick
10-05-2005 04:09 AM
You can't be able to telnet to outside interface, you should use SSH.
ssh ip_address [netmask] [interface_name]
before that do the below commands :
hostname xxxxxxx
domain-name example.com
ca generate rsa key 1024
show ca mypubkey rsa
ca save all
10-05-2005 04:26 AM
yes, pix does not allow telnet to outside interface, it allows only ssh. In the inside interface, you can do both telnet and ssh.
10-05-2005 04:35 AM
from memory, pix only allow ssh access to the outside interface, not telnet. it is because telnet is not secured as it is in clear text.
to configure ssh,
hostname xxx
domain-name xxx.com
ca generate rsa key 1024
ca save all
ssh
you need "ca save all" since the rsa key will not be saved by normal "wri mem" command.
10-10-2005 10:03 AM
I've tried this. I get the message: VPN-DES is not enabled with current activation key. I am trying to get the PIX 525 to communicate with Cicsoworks. So far, only snmp RO is functioning. Due to the network, I do not have a connection to the inside interface. I tried with Telnet but no go, even with access lists. Any help would be appreciated.
Thanks
10-10-2005 02:05 PM
You can get a 56-bit DES activation key for your Pix by going to the following Cisco site: https://tools.cisco.com/SWIFT/Licensing/RegistrationServlet?FormId=120
Try it again after upgrading.
10-10-2005 04:48 PM
you may get a new activation key for 3des/aes instead.
http://www.cisco.com/kobayashi/sw-center/ciscosecure/pix.shtml
10-14-2005 02:34 PM
If all this does'nt work then just send and e-mail to licensing@cisco.com with detailed description of the issue.
Cheers...
Prashant Chauhan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide