
[pix 525] 6.3(4) How to configure telnet on outside?

 
 
voytas
      09-08-2006
Welcome,

I have a problem configuring a telnet connection on the outside interface.
With the inside and dmz interfaces the issue is clear. I add:
telnet ip_addr inside
and that's all that the inside interface needs.

But what else do I need to add for the outside interface besides
'telnet ip_addr outside'?

And another thing: what is a very basic configuration for the PIX (version as
in the title) to connect from inside to outside? My net is:

        aaa.bbb.ccc.ddd                   aaa.bbb.ccc.ddd+1
-------[router]-------------------------------------[pix]---------- dmz 192.168.2.1
                                                      |
                                                      |
                                                      | inside 192.168.1.1

 
CCIE 15766
      09-08-2006
I have never tried to permit telnet from outside, because it is not
safe. But I think you should add an ACL to permit telnet traffic, in
addition to the [telnet] command. I am not very sure about it.

To permit outbound traffic, you have to configure NAT.

voytas wrote:
> Welcome,
>
> I have a problem configuring a telnet connection on the outside interface.
> With the inside and dmz interfaces the issue is clear. I add:
> telnet ip_addr inside
> and that's all that the inside interface needs.
>
> But what else do I need to add for the outside interface besides
> 'telnet ip_addr outside'?
>
> And another thing: what is a very basic configuration for the PIX (version as
> in the title) to connect from inside to outside? My net is:
>
>         aaa.bbb.ccc.ddd                   aaa.bbb.ccc.ddd+1
> -------[router]-------------------------------------[pix]---------- dmz 192.168.2.1
>                                                       |
>                                                       |
>                                                       | inside 192.168.1.1


 
Merv
      09-08-2006

If this is for a permanent setup then you should use SSH for access
to the outside interface.

 
Walter Roberson
      09-08-2006
voytas wrote:
> I have a problem configuring a telnet connection on the outside interface.
> With the inside and dmz interfaces the issue is clear. I add:
> telnet ip_addr inside
> and that's all that the inside interface needs.
>
> But what else do I need to add for the outside interface besides
> 'telnet ip_addr outside'?

There are only two ways to do it:

1) set up a VPN connection that allows traffic to the outside
interface, and then run the telnet within the VPN; or

2) set up a VPN connection that allows traffic to the inside
interface specially marked as being a "management interface", and then
run the telnet within the VPN.

The PIX refuses to allow plain-text telnet to the outside interface.

Normal command-line management from outside is via ssh, not telnet.
For ssh, be sure to use 'ca generate' to generate an RSA key, and
'ca save all' to save that key permanently ("write memory" does not
save the RSA key.) Then you can use the 'ssh' command to allow access.
 
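The SSH setup described in the post above, written out as PIX 6.3 configuration-mode commands next to the telnet line it replaces (an added example, not part of the original thread). The hostname, domain name, management-station address 203.0.113.10 and the password placeholder are constructed; `hostname` and `domain-name` are included on the assumption that they are not yet set, and lines starting with a colon are comments.

```cisco
: Added example: all names and addresses below are placeholders.
:
: Weak: accepted by the parser, but per the thread cleartext telnet to the
: outside interface only works when it arrives inside an IPsec tunnel.
:   telnet 0 0 outside
:
: Preferred: SSH, restricted to a single management station.
: The RSA key is generated for hostname.domain-name, so set both first.
hostname pixfw
domain-name example.com
ca generate rsa key 1024
: "write memory" does not store the key pair; this does.
ca save all
: Allow SSH only from the management station, not from 0 0.
ssh 203.0.113.10 255.255.255.255 outside
ssh timeout 5
: Without AAA, the SSH login is user "pix" with the telnet password,
: so replace the default before opening SSH on outside.
passwd <strong-password-placeholder>
:
: Verify the key and the list of permitted SSH sources.
show ca mypubkey rsa
show ssh
```

PIX 6.3 speaks SSH version 1 only, so the client has to be set to allow protocol 1.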
 
Walter Roberson
      09-08-2006
voytas wrote:
> And another thing: what is a very basic configuration for the PIX (version as
> in the title) to connect from inside to outside? My net is:
>
>         aaa.bbb.ccc.ddd                   aaa.bbb.ccc.ddd+1
> -------[router]-------------------------------------[pix]---------- dmz 192.168.2.1
>                                                       |
>                                                       |
>                                                       | inside 192.168.1.1

ip address inside 192.168.1.1 255.255.255.0
ip address dmz 192.168.2.1 255.255.255.0
ip address outside aaa.bbb.ccc.ddd+1
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface


That's about it.

Note: you did not ask for any data to be allowed to or from the dmz,
so the above configuration does not permit the dmz to talk to anything.

 
Martin Bilgrav
      09-09-2006

"voytas" wrote in message:
> Welcome,
>
> I have a problem configuring a telnet connection on the outside interface.
> With the inside and dmz interfaces the issue is clear. I add:
> telnet ip_addr inside
> and that's all that the inside interface needs.
>
> But what else do I need to add for the outside interface besides
> 'telnet ip_addr outside'?

The PIX is built to refuse telnet from outside!
The funny part is that you actually CAN add the command telnet 0 0 outside, but
when you try the telnet from outside your log will say:
"..Packet is not an IPSEC Packet"
I.e. the PIX expects telnet to be encrypted (as Walter R. replied as well).
So the best is to use SSH, and an SSH client such as putty.exe (google it).
Or if you must - only encrypted sessions are allowed, so you need to create a
VPN tunnel and add the command: management-access inside.
Then you can connect the tunnel and telnet to the PIX inside IP, via the
outside tunnel.

HTH
Martin Bilgrav

> And another thing: what is a very basic configuration for the PIX (version as
> in the title) to connect from inside to outside? My net is:
>
>         aaa.bbb.ccc.ddd                   aaa.bbb.ccc.ddd+1
> -------[router]-------------------------------------[pix]---------- dmz 192.168.2.1
>                                                       |
>                                                       |
>                                                       | inside 192.168.1.1


 