
I would like to permit telnet access


kumsa (Programmer), Apr 29, 2005
I would like to permit telnet access into my company's network through the PIX from outside. How can I achieve that?
 
You cannot telnet to the outside interface of a PIX device. You have to use SSH (Secure Shell), or connect via VPN and then telnet into the PIX. The easier way is SSH, and it is secure because the traffic is encrypted, unlike Telnet, which sends that traffic in clear text.
Here is how it is done:

Configuring Local SSH (No AAA Authentication)
It is also possible to set up an SSH connection to the PIX with local authentication and no AAA server; however, there is no discrete per-user username. The username is always "pix."

Use the following commands to configure local SSH on the PIX:

hostname goss-d3-pix515b
domain-name rtp.cisco.com
ca gen rsa key 1024

!--- Caution: The RSA key will not be saved without the CA SAVE ALL command.
!--- The write mem command will not save it! In addition, if the PIX has undergone a write erase
!--- or has been replaced, then cutting and pasting the old configuration does not generate the key.
!--- You must re-enter the ca gen rsa key command.
!--- If there is a secondary PIX in a failover pair, doing write standby will not copy the key
!--- from the primary to the secondary. You must also generate and save the key on the secondary device.
ssh 172.18.124.114 255.255.255.255 inside
ssh timeout 60
passwd cisco123


Since the default username in this arrangement is always "pix," then the command to connect to the PIX (this was 3DES from a Solaris box) is:

./ssh -c 3des -l pix -v <ip_of_pix>

Cisco Link:
Thank you,
Frank Mirecki
BrantTel Networks
 
I think he wants to Telnet to a host inside the PIX, not to the PIX itself... If so, allow access to port 23.

access-list <list> permit host xxx.xxx.xxx.xxx host yyy.yyy.yyy.yyy eq telnet

xxx.xxx.xxx.xxx being the ip address of the user outside your network

yyy.yyy.yyy.yyy being the host inside your network..

Les
 
access-list <list> permit host xxx.xxx.xxx.xxx host yyy.yyy.yyy.yyy eq telnet

I missed one thing...

Should be

access-list <list> permit tcp host xxx.xxx.xxx.xxx host yyy.yyy.yyy.yyy eq telnet

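Putting Les's corrected access-list line together with the other two pieces a PIX 6.x needs before an outside host can reach an inside one (a static translation for the inside host, and the access-group that binds the list to the outside interface), as an added example that is not part of any post in this thread. The addresses, the list name outside_in and the interface names inside/outside are assumptions; substitute your own.

```cisco
!--- Added example, not from the thread: allow ONE outside host to telnet to ONE inside host through a PIX 6.x.
!--- Assumed addresses: 203.0.113.10 = the user's outside address,
!--- 198.51.100.25 = the public address published for the server,
!--- 10.1.1.25 = the server's real inside address.
!--- "outside_in" is an assumed access-list name.

!--- 1. Publish the inside server at a fixed outside address (one-to-one static NAT).
!---    On PIX 6.x the access-list below must reference this translated (global) address,
!---    not the real inside address.
static (inside,outside) 198.51.100.25 10.1.1.25 netmask 255.255.255.255

!--- 2. Permit only the named outside host, only TCP, only to port 23.
!---    The protocol keyword "tcp" is required; "eq telnet" has no meaning without it,
!---    which is the mistake Les corrected above. Keep the source a single host, never "any".
!---    The trailing "log" keyword makes each new match show up in syslog, so you can see who is using the hole.
access-list outside_in permit tcp host 203.0.113.10 host 198.51.100.25 eq telnet log

!--- 3. Bind the list inbound on the outside interface. Anything not matched by the list is dropped.
access-group outside_in in interface outside

!--- Verification: after a connection attempt from 203.0.113.10, the hit counter on this entry should increase.
show access-list outside_in
show xlate
```

Because the whole session, password included, crosses the Internet in clear text as Frank noted, this is a hole worth keeping as narrow as the single-host source above allows, and worth replacing with SSH to the inside host or a VPN as soon as that is possible.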
 