[pix 525] 6.3(4) How to configure telnet on outside?

Discussion in 'Cisco' started by voytas, Sep 8, 2006.

  1. voytas

    voytas Guest

    Welcome,

    I have a problem configuring a telnet connection on the outside interface.
    With the inside and dmz interfaces the issue is clear. I add:
    telnet ip_addr inside
    and that's all that the inside interface needs.

    But what else do I need to add for the outside interface besides 'telnet ip_addr
    outside'?

    And another thing. What is a very basic configuration for the PIX (version as
    in the title) to connect from inside to outside? My net is

            aaa.bbb.ccc.ddd                     aaa.bbb.ccc.ddd+1
    -------[router]-------------------------------------[pix]---------- dmz
                                                                    192.168.2.1
                                                          |
                                                          |
                                                          | inside
                                                      192.168.1.1
     
    voytas, Sep 8, 2006
    #1

  2. voytas

    CCIE 15766 Guest

    I have never tried to permit telnet from outside, because it is not
    safe. But I think you should add an ACL to permit telnet traffic, in
    addition to the [telnet] command. I am not very sure about it.

    To permit outbound traffic, you have to configure NAT.

    voytas wrote:
    > Welcome,
    >
    > I have a problem configuring a telnet connection on the outside interface.
    > With the inside and dmz interfaces the issue is clear. I add:
    > telnet ip_addr inside
    > and that's all that the inside interface needs.
    >
    > But what else do I need to add for the outside interface besides 'telnet ip_addr
    > outside'?
    >
    > And another thing. What is a very basic configuration for the PIX (version as
    > in the title) to connect from inside to outside? My net is
    >
    >         aaa.bbb.ccc.ddd                     aaa.bbb.ccc.ddd+1
    > -------[router]-------------------------------------[pix]---------- dmz
    >                                                                 192.168.2.1
    >                                                       |
    >                                                       |
    >                                                       | inside
    >                                                   192.168.1.1
     
    CCIE 15766, Sep 8, 2006
    #2

  3. voytas

    Merv Guest

    If this is for a permanent setup then you should use SSH for access
    to the outside interface
     
    Merv, Sep 8, 2006
    #3
  4. In article <>,
    voytas <> wrote:
    >I have a problem configuring a telnet connection on the outside interface.
    >With the inside and dmz interfaces the issue is clear. I add:
    >telnet ip_addr inside
    >and that's all that the inside interface needs.

    >But what else do I need to add for the outside interface besides 'telnet ip_addr
    >outside'?


    There are only two ways to do it:

    1) set up a VPN connection that allows traffic to the outside
    interface, and then run the telnet within the VPN; or

    2) set up a VPN connection that allows traffic to the inside
    interface specially marked as being a "management interface", and then
    run the telnet within the VPN.

    The PIX refuses to allow plain-text telnet to the outside interface.

    Normal command-line management from outside is via ssh, not telnet.
    For ssh, be sure to use 'ca generate' to generate an RSA key, and
    'ca save all' to save that key permanently ("write memory" does not
    save the RSA key.) Then you can use the 'ssh' command to allow access.
     
    Walter Roberson, Sep 8, 2006
    #4
  5. In article <>,
    voytas <> wrote:
    >And another thing. What is a very basic configuration for the PIX (version as
    >in the title) to connect from inside to outside? My net is

    >         aaa.bbb.ccc.ddd                     aaa.bbb.ccc.ddd+1
    > -------[router]-------------------------------------[pix]---------- dmz
    >                                                                 192.168.2.1
    >                                                       |
    >                                                       |
    >                                                       | inside
    >                                                   192.168.1.1


    ip address inside 192.168.1.1 255.255.255.0
    ip address dmz 192.168.2.1 255.255.255.0
    ip address outside aaa.bbb.ccc.ddd+1
    nat (inside) 1 192.168.1.0 255.255.255.0
    global (outside) 1 interface


    That's about it.

    Note: you did not ask for any data to be allowed to or from the dmz,
    so the above configuration does not permit the dmz to talk to anything.
     
    Walter Roberson, Sep 8, 2006
    #5
  6. "voytas" <> wrote in message
    news:...
    > Welcome,
    >
    > I have a problem configuring a telnet connection on the outside interface.
    > With the inside and dmz interfaces the issue is clear. I add:
    > telnet ip_addr inside
    > and that's all that the inside interface needs.
    >
    > But what else do I need to add for the outside interface besides 'telnet ip_addr
    > outside'?




    The PIX is built to refuse telnet from outside!
    Funny part is that you actually CAN add the command telnet 0 0 outside, but
    when you try the telnet from outside your log will say:
    "..Packt is not an IPSEC Packet)
    I.e. the PIX expects telnet to be encrypted (as Walter R. replied as well).
    So the best is to use SSH, and an SSH client such as putty.exe (google it).
    Or if you must - only encrypted sessions are allowed, so you need to create
    a VPN tunnel and add the command: management-access inside.
    Then you can connect the tunnel and telnet to the PIX inside IP, via the
    outside tunnel.

    HTH
    Martin Bilgrav

    >
    > And another thing. What is a very basic configuration for the PIX (version as
    > in the title) to connect from inside to outside? My net is
    >
    >         aaa.bbb.ccc.ddd                     aaa.bbb.ccc.ddd+1
    > -------[router]-------------------------------------[pix]---------- dmz
    >                                                                 192.168.2.1
    >                                                       |
    >                                                       |
    >                                                       | inside
    >                                                   192.168.1.1
    >
     
    Martin Bilgrav, Sep 9, 2006
    #6
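
Added example, not part of any post in this thread: a small audit that reads a PIX 6.3-style configuration and flags the management-access lines discussed above, namely a `telnet` permit on the outside interface (which the replies say is refused unless it arrives over IPsec) and an `ssh` permit open to any source. The sample configuration, the function names and the assumption that the stored config shows the full `<addr> <mask> <interface>` form are all constructed for illustration.

```python
import ipaddress

# Constructed sample PIX 6.3-style configuration (not from the thread).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
telnet 192.168.1.0 255.255.255.0 inside
telnet 0 0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh timeout 5
"""

def _network(addr, mask):
    """Build a network from PIX address/mask tokens; '0' abbreviates 0.0.0.0."""
    addr = "0.0.0.0" if addr == "0" else addr
    mask = "0.0.0.0" if mask == "0" else mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_mgmt_access(config, untrusted=("outside",)):
    """Return (line_no, severity, message) for risky telnet/ssh permit lines."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        # Only "telnet|ssh <addr> <mask> <interface>" lines grant access;
        # "ssh timeout 5" and similar have a different shape.
        if len(tok) != 4 or tok[0] not in ("telnet", "ssh"):
            continue
        proto, addr, mask, ifname = tok
        try:
            net = _network(addr, mask)
        except ValueError:
            findings.append((no, "warn", f"unparsable address in: {raw.strip()}"))
            continue
        if ifname not in untrusted:
            continue
        if proto == "telnet":
            findings.append((no, "high", f"telnet permitted on {ifname}: "
                             "refused unless it arrives over IPsec; use ssh or a VPN"))
        elif net.prefixlen == 0:
            findings.append((no, "medium", f"ssh on {ifname} open to any source; "
                             "restrict to management hosts"))
    return findings

if __name__ == "__main__":
    for no, sev, msg in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"line {no}: [{sev}] {msg}")
```

Pass other interface names through `untrusted` if the dmz should be treated the same way as the outside interface.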