allowing Telnet access from specific IP w/ PIX 515E

ncmintmail
Level 1

What would the command(s) be to allow Telnet access from only 1 IP?

5 Replies

ajagadee
Cisco Employee

Rob,

If you want to allow telnet to the pix from only one IP, you can use the below command in the configuration.

telnet 192.168.1.2 255.255.255.255 inside

The above configuration will allow only 192.168.1.2 to access the Pix via telnet from the inside interface.

Reference:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_60/config/config.htm#1020787

Let me know if it helps.

Regards,

Arul
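
An added example, not part of the original thread or of Cisco's documentation: a small Python audit that reads the `telnet`/`ssh` source restrictions from a PIX configuration dump and flags any entry wider than a single host. The sample configuration is constructed; only its first line is the command from the answer above.

```python
import ipaddress
import re

# Constructed sample of PIX management-access lines. Only the first line
# comes from the thread; the rest are made up for illustration.
SAMPLE_CONFIG = """\
telnet 192.168.1.2 255.255.255.255 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
ssh 203.0.113.10 255.255.255.255 outside
telnet timeout 5
"""

# <telnet|ssh> <address> <netmask> <interface>
RULE = re.compile(
    r"^(telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$"
)

def audit(config_text):
    """Return (line, finding) for each telnet/ssh access rule in the config."""
    results = []
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # e.g. "telnet timeout 5" is a setting, not an access rule
        proto, addr, mask, _iface = m.groups()
        try:
            # strict=True rejects host bits set under the mask and bad masks
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError:
            results.append((line, "invalid address/mask pair"))
            continue
        if net.prefixlen == 32:
            finding = "ok: single host"
        elif net.prefixlen == 0:
            finding = "any source allowed"
        else:
            finding = f"{net.num_addresses} addresses allowed"
        if proto == "telnet":
            finding += "; cleartext protocol"
        results.append((line, finding))
    return results

if __name__ == "__main__":
    for line, finding in audit(SAMPLE_CONFIG):
        print(f"{finding:45} <- {line}")
```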

scottmac
Level 10

PIX OS will not allow Telnet from the outside in any configuration.

If you need terminal access from the outside, you must use SSH, or VPN to a host on the inside and Telnet to the PIX from there.

Good Luck

Scott

Well I should be able to use an ACL, combined with a route, no? For instance, have a route that goes from Pix IP: 25 to 192.168.1.x, and then an ACL that allows this route from only 1 external IP?

No, at least not from the outside.

Telnet is considered absolutely not secure, and so, the PIX OS does not allow it in any type of configuration.

From the outside, your options are SSH or a VPN to an internal host (from which you can then telnet back out to the inside interface).

Good Luck

Scott

OK then SSH is an option. Now let me elaborate further.

We have 2 networks in place. 1 uses the Cisco router/PIX firewall with a T-1 line. The other uses a Watchguard firewall with a cable modem. Now, both the PIX and Watchguard have an internal IP of 131.107.x.x. The networks are kept separated by separate switches. The T-1/Ciscos are used for traffic to our web sites. The Watchguard/cable modem are for our internal users for web access and email.

Now, currently our external users in the warehouse use the cable modem/Watchguard IP to access our network. We'd like to use the T-1/Cisco network as a backup since the cable modem goes down from time to time.

So can we create a route and/or ACL using the external IP of the PIX? I am checking with our IBM AIX support team about adding a static route to the box (that we use to Telnet/SSH into) to also add the external IP as a route, if it's even possible.

Thanks,

Rob