alternatives to accessing PIX via Telnet

 
 
Anne Robynn
 
      01-03-2004
I was cleaning out my firewall configuration trying to replace conduit
commands with access-list commands, when I lost connection with the
firewall. Now I can't access the firewall to configure it. I know this
is because I had done a "clear conduit" command and hadn't had a
chance to add the access-list permits.

Please tell me there's a way for me to access the firewall without
having port 23 open.

I am remote from the firewall and do not have physical access to it.

Any help is greatly appreciated.

Thanks,
Anne
 
 
 
 
 
Greg Reaume
 
      01-03-2004

"Anne Robynn" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
>
> Please tell me there's a way for me to access the firewall without
> having port 23 open.
>
> I am remote from the firewall and do not have physical access to it.
>


Unless you're running PDM or the older HTTP interface you're out of luck.
The good news is that because you didn't get a chance to save your config to
flash, any monkey with a finger that knows how to spell 'PIX' can help you
out. Just get someone to power-cycle it and you're back to your last saved
config.

HTH, good luck.

Greg


 
 
 
 
 
Walter Roberson
 
      01-03-2004
In article <(E-Mail Removed)> ,
Anne Robynn <(E-Mail Removed)> wrote:
:I was cleaning out my firewall configuration trying to replace conduit
:commands with access-list commands, when I lost connection with the
:firewall. Now I can't access the firewall to configure it. I know this
:is because I had done a "clear conduit" command and hadn't had a
:chance to add the access-list permits.

Not unless there is something about your setup that you aren't
telling us. Conduits and access-lists have no effect on communications
to a PIX itself. And you can't normally telnet to the outside interface
of a PIX: that is specifically forbidden unless the telnet session
is carried inside an IPSec tunnel.

telnet access to a PIX is controlled by the 'telnet' configuration
command.


:Please tell me there's a way for me to access the firewall without
:having port 23 open.

ssh, but that requires that you have generated and saved an rsa
key, and requires that you have used the 'ssh' command to permit
the access.
--
Strange but true: there are entire WWW pages devoted to listing
programs designed to obfuscate HTML.
 
 
Rik Bain
 
      01-03-2004
On Fri, 02 Jan 2004 23:31:13 -0600, Anne Robynn wrote:

> I was cleaning out my firewall configuration trying to replace conduit
> commands with access-list commands, when I lost connection with the
> firewall. Now I can't access the firewall to configure it. I know this
> is because I had done a "clear conduit" command and hadn't had a chance
> to add the access-list permits.
>
> Please tell me there's a way for me to access the firewall without
> having port 23 open.
>
> I am remote from the firewall and do not have physical access to it.
>
> Any help is greatly appreciated.
>
> Thanks,
> Anne


Sounds like you were telnetting to an internal device then telnetting back
into the pix, or you were using IPSEC and you removed an access-list that
was being used in a crypto policy. Either way, oops!

You might want to use ssh to administer your pix. Simply
generate an RSA key and enable ssh on the pix and you can use your
favorite ssh client to access it free from lockout from acl/conduit
changes.
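
Added example, not part of the original thread and not code from any poster: a pre-change check that reads a saved PIX configuration and lists which to-the-box management paths (the `telnet`, `ssh` and PDM/`http` permit lines discussed above) would accept a given admin address, ignoring conduit and access-list lines. The sample configuration, the addresses and the function names are constructed for illustration, and PIX 6.x-style syntax is assumed.

```python
import ipaddress

# Constructed PIX 6.x-style fragment (sample data, not taken from the thread).
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 203.0.113.5 eq smtp
telnet 10.1.1.0 255.255.255.0 inside
telnet 198.51.100.7 255.255.255.255 outside
telnet timeout 5
ssh 198.51.100.0 255.255.255.0 outside
ssh timeout 5
http server enable
http 10.1.1.0 255.255.255.0 inside
"""

MGMT_COMMANDS = {"telnet", "ssh", "http"}


def management_rules(config):
    """Return (service, network, interface) for each to-the-box permit line."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        # Permit form: <service> <ip> <netmask> <interface>; conduit and
        # access-list lines are skipped because they do not govern this traffic.
        if len(parts) != 4 or parts[0] not in MGMT_COMMANDS:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # not an address/mask pair
        rules.append((parts[0], net, parts[3]))
    return rules


def paths_for(config, source_ip, interface):
    """List management services that accept source_ip arriving on interface."""
    addr = ipaddress.ip_address(source_ip)
    http_enabled = any(l.split() == ["http", "server", "enable"]
                       for l in config.splitlines())
    found = []
    for service, net, ifname in management_rules(config):
        if ifname != interface or addr not in net:
            continue
        if service == "http" and not http_enabled:
            continue  # PDM/HTTP permits do nothing while the server is off
        if service == "telnet" and interface == "outside":
            # Assumption: the interface named "outside" is the restricted one.
            found.append("telnet (only inside an IPSec tunnel)")
        else:
            found.append(service)
    return found
```

An `ssh` permit line is only usable once the RSA key has been generated and saved, which this check cannot see from the configuration text.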
 