VPN client can not telnet into pix

ahmed_salah · ‎09-02-2005

hi,

i have pix 525 running OS ver 6.3(4) the outside interface is connected to cisco router 1721 which is connected to internet i made vpn configuration on pix and the client can access every thing inside my network except i can not telnet into pix or router or cache engine i do not know why do u have any suggetstion

regards,

ahmed

please find attached pix config

nkhawaja · ‎09-02-2005

i dont think you will be able to telnet to the outside router if you vpn into the pix, the reason being pix not going to send the packet to the outside interface if the packet comes from outside interface.

for telnet to the pix, you need telnet x.x.x.x x.x.x.x outside.

but you will only be able to telnet if you have the VPN connection to the pix first.

or use ssh

thanks

Nadeem

rsmith · ‎09-02-2005

A workaround if you have an internal router, set up access to the PIX and outside router from the internal router. Then, you can telnet to the internal router from your vpn connection, and from their, telnet to the PIX our outside router. This could also be a security feature, I only allow a couple IP's telnet to a core internal router, and then only allow access to the PIX's from that router.

pwicks · ‎09-02-2005

My suggestion is that you enable SSH on the outside interface of the Pix. It is more secure than telnet and does not require a VPN connection since communication is already encrypted.

jackko · ‎09-04-2005

the only way to connect to a pix from the outside interface is ssh. pix doesn't allow telnet to its outside interface at all.

http://www.ciscotaccc.com/security/showcase?case=K75783563

alternatively, you may log on to a server, a pc or an internal router after the remote vpn established, then from the server/pc/router telnet to the pix inside interface.