[pix 525] 6.3(4) How to configure telnet on outside?

Welcome,

I have a problem configuring a telnet connection on the outside interface. With the inside and dmz interfaces the issue is clear: I add 'telnet ip_addr inside' and that's all the inside interface needs.

But what else do I need to add for the outside interface besides 'telnet ip_addr outside'?

And another thing: what is a very basic configuration for the PIX (version as in the title) to connect from inside to outside? My net is

aaa.bbb.ccc.ddd aaa.bbb.ccc.ddd+1

-------[router]-------------------------------------[pix]---------- dmz

192.168.2.1 | | | inside 192.168.1.1
voytas

I have never tried to permit telnet from outside, because it is not safe. But I think you should add an ACL to permit telnet traffic, in addition to the [telnet] command. I am not very sure about it.

To permit outbound traffic, you have to c> Welcome,

CCIE 15766

If this is for a permanent setup then you should use SSH for access to the outside interface.

Merv

There are only two ways to do it:

1) set up a VPN connection that allows traffic to the outside interface, and then run the telnet within the VPN; or

2) set up a VPN connection that allows traffic to the inside interface specially marked as being a "management interface", and then run the telnet within the VPN.

The PIX refuses to allow plain-text telnet to the outside interface.

Normal command-line management from outside is via ssh, not telnet. For ssh, be sure to use 'ca generate' to generate an RSA key, and 'ca save all' to save that key permanently ("write memory" does not save the RSA key.) Then you can use the 'ssh' command to allow access.

Walter Roberson

ip address inside 192.168.1.1 255.255.255.0
ip address dmz 192.168.2.1 255.255.255.0
ip address outside aaa.bbb.ccc.ddd+1
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

That's about it.

Note: you did not ask for any data to be allowed to or from the dmz, so the above configuration does not permit the dmz to talk to anything.

Walter Roberson

The PIX is built to refuse telnet from outside! The funny part is that you actually CAN add the command telnet 0 0 outside, but when you try the telnet from outside your log will say: "..Packt is not an IPSEC Packet". I.e. the PIX expects telnet to be encrypted (as Walter R. replied as well). So the best is to use SSH, and an SSH client such as putty.exe (google it). Or if you must: only encrypted sessions are allowed, so you need to create a VPN tunnel and add the command: management-access inside. Then you can connect the tunnel and telnet to the PIX inside IP, via the outside tunnel.

HTH Martin Bilgrav

Martin Bilgrav
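The replies above agree that a 'telnet ... outside' line is accepted by the parser but is only honoured inside an IPsec tunnel, and that ssh is the normal way in from outside. The following is an added example, not part of the original thread: a small audit that scans a saved PIX 6.x configuration for such lines. The sample configuration is constructed, and the extra check for ssh open to any source on the outside interface is an assumption of this example, not something the thread states.

```python
import re

# "0" is PIX shorthand for 0.0.0.0, as in "telnet 0 0 outside".
ADDR = r"(0|\d{1,3}(?:\.\d{1,3}){3})"
# Management-access lines: "telnet|ssh <ip> <mask> <interface>".
# "telnet timeout 5" / "ssh timeout 5" do not match and are skipped.
MGMT_RE = re.compile(rf"^(telnet|ssh)\s+{ADDR}\s+{ADDR}\s+(\S+)$")

MESSAGES = {
    "telnet-on-untrusted": "telnet here only works inside an IPsec tunnel; use ssh",
    "ssh-any-source": "ssh is open to any source address; restrict to admin hosts",
}

def audit_mgmt_access(config_text, untrusted=("outside",)):
    """Return (line_no, line, finding_code) for risky management lines."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = MGMT_RE.match(line)
        if not m:
            continue
        proto, _ip, mask, ifname = m.groups()
        if ifname not in untrusted:
            continue  # inside/dmz lines are out of scope for this check
        if proto == "telnet":
            findings.append((no, line, "telnet-on-untrusted"))
        elif mask in ("0", "0.0.0.0"):
            findings.append((no, line, "ssh-any-source"))
    return findings

# Constructed sample configuration (addresses are documentation ranges).
SAMPLE = """\
telnet 192.168.1.0 255.255.255.0 inside
telnet 0 0 outside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh timeout 5
"""

if __name__ == "__main__":
    for no, line, code in audit_mgmt_access(SAMPLE):
        print(f"line {no}: {line!r}: {MESSAGES[code]}")
```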
