DMZ Firewall

bws
Level 1

I have a management network of 172.16.0.0/24.

I am unable to telnet to one of my DMZ-Firewall set. The attached file has the conf info.

Please let me know why I am unable to reach this firewall via telnet from my management network, whereas I am able to reach all the rest of the devices.

6 Replies

ashishpanda
Level 1

Hi Adil,

Which interface are you trying to telnet to? If you are trying to telnet to the internet interface, it won't work, as it is the lowest security interface.

You cannot use Telnet to the lowest security interface unless you use Telnet inside an IPSec tunnel.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/mgaccess.htm#wp1054101

If this is the case then you have two possibilities

1. Make an IPSec tunnel

2. Configure an interface with security level lower than the internet interface (i.e. with security 0)

Please rate the post if it helps.

regards

Ashish

PIX by default doesn't permit telnet from the outside/internet interface.

One workaround is to configure SSH.

e.g.

    hostname yourpix
    domain-name yourpix.com
    ca generate rsa key 1024
    ca save all
    ssh 172.16.0.0 255.255.255.0 outside

Hi,

I issued the following command on the PIX:

    ssh 172.16.0.0 255.255.255.0 outside

but I am still unable to reach it. Is it a must that I need to generate certificate keys?

thanks,

Just wondering if you are referring to the command "ca generate" in my previous post. If so, yes, SSH requires the RSA key.

Hi jacko,

Thanks, it works. I am able to reach it, but I am still unable to log in; it keeps saying incorrect username or password.

I have also created a username named pixuser and set its password using the password command. When I connect, it prompts me for a username and password. I provide the credentials but it doesn't log in.

thanks,

The default username is "pix", and the password is the one created by the command "password xxxxxxxx".
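
Added example (not part of the thread and not Cisco code): a Python check that reads the `telnet`/`ssh` management-access lines discussed above and reports, for a given management source address, which ones apply and whether telnet is aimed at the lowest-security interface. The sample configuration is constructed, the `nameif <hw> <name> security<N>` layout assumes PIX 6.x-style syntax, and `audit_mgmt_access` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample config (assumed PIX 6.x style), not the poster's attachment.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
telnet 172.16.0.0 255.255.255.0 outside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 172.16.0.0 255.255.255.0 outside
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)$")
ACCESS = re.compile(r"^(telnet|ssh)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")

PERMITTED = "permitted by access rule"
TELNET_LOWEST = "telnet to lowest-security interface: refused unless inside IPSec"
UNKNOWN_IF = "interface has no nameif line"

def audit_mgmt_access(config, source_ip):
    """Return (protocol, interface, verdict) for each rule covering source_ip."""
    levels, rules = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAMEIF.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif m := ACCESS.match(line):
            proto, net, mask, ifname = m.groups()
            # strict=False tolerates host bits set in the configured address
            network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            rules.append((proto, network, ifname))
    lowest = min(levels.values()) if levels else None
    src = ipaddress.ip_address(source_ip)
    findings = []
    for proto, network, ifname in rules:
        if src not in network:
            continue  # rule does not cover this management host
        if ifname not in levels:
            verdict = UNKNOWN_IF
        elif proto == "telnet" and levels[ifname] == lowest:
            verdict = TELNET_LOWEST
        else:
            verdict = PERMITTED
        findings.append((proto, ifname, verdict))
    return findings
```

A "permitted" SSH result covers only the access rule; as the replies above note, SSH also needs the RSA key generated and saved, which this check cannot see in the configuration text.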