
Telnet/SSH to PIX Outside interface

mister-daniel
Level 1

Hi All

Is it possible to allow a telnet or ssh connection to a PIX via the outside interface? The documentation I have (seems to) state that telnet access via the outside interface 'requires' IPSEC - it is not made clear whether this is a recommendation or requirement.

Also, the documentation states that no traffic will pass through a PIX if the inside and outside interfaces are configured with the same security level - does this mean that no traffic will pass 'full-stop', or that traffic will pass if the appropriate ACLs/conduits are configured?

Thanks-in-Advance

Accepted Solutions

johansens
Level 4

You can't telnet to the outside interface, but you can SSH to it:

http://www.ciscotaccc.com/security/showcase?case=K75783563

Traffic will be able to pass on same security level if you run a current version (>=7.0) of the PIX and configure the "same-security-traffic permit inter-interface" feature:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080450b7c.html#wp1039276

fausto-oliveira
Level 1

You can work around this issue by performing an IPSEC tunnel and placing the telnet on another interface, something like this:

interface ethernet1 vlan1000 logical

nameif vlan1000 management security50

After that, create a VPN Client connection

and telnet to the VLAN 1000 interface IP address.

As for the same security level on two interfaces, it's applicable to any interface (except inside and outside; they have levels 100 and 0 hardcoded). This is solved in PIX 7.0 with the "same-security-traffic permit inter-interface", but from what I gathered in my tests you still can't place the same security level on the inside and outside interfaces.

I hope this helped.
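The two points raised in the answers above (telnet on the outside interface, and interfaces sharing a security level) can be checked against a saved configuration. This is an added example, not part of any post in the thread; the sample configuration is constructed, and the script assumes the lowest-security interface is the outside one.

```python
import re
from collections import defaultdict

# Constructed sample configuration (PIX 6.x single-line nameif form); not from the thread.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif vlan1000 management security50
telnet 192.0.2.0 255.255.255.0 outside
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 5
ssh 198.51.100.10 255.255.255.255 outside
"""

NAMEIF_6X = re.compile(r"nameif\s+\S+\s+(\S+)\s+security(\d+)$")
NAMEIF_7X = re.compile(r"nameif\s+(\S+)$")          # inside an "interface" block
LEVEL_7X = re.compile(r"security-level\s+(\d+)$")   # inside an "interface" block
ACCESS = re.compile(r"(telnet|ssh)\s+(\S+)\s+(\S+)\s+(\S+)$")
SAME_SEC = "same-security-traffic permit inter-interface"


def audit(config):
    """Return findings for telnet on the outside interface and shared security levels."""
    lines = [raw.strip() for raw in config.splitlines()]
    levels, access, current = {}, [], None
    for line in lines:
        if line.startswith("interface "):
            current = None                           # new block: forget the previous name
        elif m := NAMEIF_6X.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif m := NAMEIF_7X.match(line):
            current = m.group(1)
        elif (m := LEVEL_7X.match(line)) and current:
            levels[current] = int(m.group(1))
        elif m := ACCESS.match(line):                # "telnet timeout 5" has too few fields
            access.append(m.groups())
    findings, lowest = [], min(levels.values(), default=None)
    for proto, src, mask, ifname in access:
        # Assumption: the lowest-security interface is the "outside" one.
        if proto == "telnet" and ifname in levels and levels[ifname] == lowest:
            findings.append(f"telnet {src} {mask} on {ifname}: only works over IPsec, use ssh")
    by_level = defaultdict(list)
    for ifname, level in levels.items():
        by_level[level].append(ifname)
    if SAME_SEC not in lines:
        for level, names in sorted(by_level.items()):
            if len(names) > 1:
                findings.append(f"level {level} shared by {', '.join(names)}: traffic between them is blocked")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the outside telnet rule and the two interfaces at level 50; adding the `same-security-traffic permit inter-interface` line clears the second finding.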

mister-daniel
Level 1

Thanks for the replies - much appreciated.
