
Telnet on outside interface of firewall

fmatrine
Level 1

Dear Sir,

For management purposes in the implementation phase, I want to enable telnet on the outside interface of a PIX-506E firewall, the details of which are given below.

Kindly guide me with a sample config with the necessary access-list for the same.

Firewall- subnet details

LAN Subnet:- 192.168.100.0/24

Firewall Subnet:- 202.100.100.0/28

Firewall External Interface IP:- 202.100.100.1/28

Firewall Internal Interface IP:- 192.168.100.1/24

Default gateway for PC is Internal interface IP of Firewall

Regards

Deepak

2 Replies

sachinraja
Level 9

Hi Deepak,

You need to enable SSH to be able to access the PIX from outside. The commands to enable SSH are:

ssh x.x.x.x 255.255.255.255 outside

ssh timeout 5

where x.x.x.x is the IP address of the PC from which you are going to access the PIX.

You can refer to the PIX command reference for more details:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a0080104255_4container_ccmigration_09186a00801e8934.html#wp1026535

You can use any SSH client like PuTTY, Tectia, F-Secure etc. to connect to the PIX.

Hope this helps. All the best.

Raj

ewei
Level 1

The only way you can do this is to configure a LAN-to-LAN IPsec tunnel from the remote devices to the PIX and permit telnet on the outside interface.

Here is a simple working config.

HTH

aaa authentication telnet console LOCAL

sysopt connection permit-ipsec

crypto ipsec transform-set Router-PIX esp-des esp-sha-hmac

crypto dynamic-map Router-PIX 10 set transform-set Router-PIX

crypto map PIX-Router 10 ipsec-isakmp dynamic Router-PIX

crypto map PIX-Router client authentication LOCAL

crypto map PIX-Router interface outside

isakmp enable outside

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 86400

telnet x.x.x.x 255.255.255.255 outside

ROUTER

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key cisco address 202.x.x.1

!

!

crypto ipsec transform-set r127 esp-des esp-sha-hmac

crypto mib ipsec flowmib history tunnel size 200

crypto mib ipsec flowmib history failure size 200

!

crypto map R127 30 ipsec-isakmp

set peer x.x.100.1

set transform-set r127

match address 103

access-list 103 permit tcp host x.x.x.x host 202.100.100.1 eq telnet

Router#202.x.x.1

Trying 202.x.x.1 ... Open

User Access Verification

Username: ********

Password: ********

Type help or '?' for a list of available commands.

PIX-525>
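
An added example, not part of either reply: a short Python check that scans a PIX configuration for the settings this thread touches (telnet on the outside interface, the wildcard ISAKMP key, DES, MD5 and Diffie-Hellman group 1). The rule list, the function name `audit` and the embedded sample, assembled from the lines posted above, are this example's own assumptions.

```python
import re

# Constructed sample: PIX-side lines copied from the replies in this thread.
SAMPLE_PIX_CONFIG = """\
aaa authentication telnet console LOCAL
sysopt connection permit-ipsec
crypto ipsec transform-set Router-PIX esp-des esp-sha-hmac
crypto map PIX-Router interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
telnet x.x.x.x 255.255.255.255 outside
ssh x.x.x.x 255.255.255.255 outside
"""

# (rule id, pattern, finding). The rule set is this example's own choice.
RULES = [
    ("TELNET_OUTSIDE", r"^telnet \S+ \S+ outside$",
     "cleartext management on outside; depends entirely on the IPsec tunnel"),
    ("WILDCARD_PSK", r"^isakmp key \S+ address 0\.0\.0\.0 netmask 0\.0\.0\.0$",
     "pre-shared key accepted from any peer address"),
    ("WEAK_IKE_CIPHER", r"^isakmp policy \d+ encryption des$", "single DES in IKE policy"),
    ("WEAK_IKE_HASH", r"^isakmp policy \d+ hash md5$", "MD5 in IKE policy"),
    ("WEAK_DH_GROUP", r"^isakmp policy \d+ group 1$", "768-bit Diffie-Hellman group"),
    ("WEAK_ESP_CIPHER", r"^crypto ipsec transform-set \S+ .*\besp-des\b",
     "single DES for ESP"),
]

def audit(config_text):
    """Return (line_number, rule_id, finding) for every flagged config line."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse runs of whitespace
        for rule_id, pattern, message in RULES:
            if re.search(pattern, line):
                findings.append((number, rule_id, message))
    return findings

if __name__ == "__main__":
    for number, rule_id, message in audit(SAMPLE_PIX_CONFIG):
        print(f"line {number}: {rule_id}: {message}")
```

The `ssh ... outside` line is deliberately not flagged, and a transform set using `esp-3des` does not match the `esp-des` rule.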