Carroll ...thanks for the info..very important ...I have not been able to
find a definition for port 22...it is omitted in most
documents...lawrence

>From: "Carroll Kong"
>Reply-To: "Carroll Kong"
>To: [EMAIL PROTECTED]
>Subject: Re: telnet on Pix 515 ver 5.3.1 [7:1285]
>Date: Thu, 19 Apr 2001 18:23:49 -0400
>
>At 04:25 PM 4/19/01 -0400, Scott Dees wrote:
> >Anyone who can help me.
> >
> >I have a PIX 515 running IOS ver 5.3(1) and am trying to set it up to be
> >able to telnet into it from the outside. It is up and running perfectly
> >aside from this little quirk.
> >
> >First question is this possible?
> >Second question how do you do it?
> >
> >Any help will be greatly appreciated
> >
> >Scott
>
>I only tried this with the SSH daemon, I see no reason why it can't work
>with telnet aside from the security risks.
>
>You need to turn on the telnet daemon. so
>
>telnet 0.0.0.0 0.0.0.0 outside
>
>have an ACL open up port 23 (well I open up a conduit, which might be
>overkill, since you already bound the daemon to the outside interface)
>conduit permit tcp host eq 23 any
>
>Now, I hope you do listen to this part, but I strongly suggest NOT doing
>this. Telnet is a clear text protocol, and the pix is a powerful
>firewall. This is an Achilles Heel to the box to remotely telnet in clear
>text! Use a VPN, or dial-in to the back and telnet to the internal
>port. Or, use SSH if you have the DES/3DES key activated! Then use
>similar commands to enable ssh. (ssh is port 22 by the way).
>
>To enable SSH, you need to generate an RSA key pair. (you also need the
>DES/3DES key)
>conf t
>ca generate rsa 1024
>ca save all
>ssh 0.0.0.0 0.0.0.0 outside
>conduit permit tcp host eq 22 any
>
>-Carroll Kong

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1319&t=1285
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
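
Added example, not part of the original message or the list's own material: a small Python check that scans PIX-style configuration text for the management-access lines discussed in the thread and flags cleartext telnet on the outside interface, SSH open to any source, and conduits for ports 23 and 22. The sample configuration, its addresses (documentation ranges) and the severity labels are constructed assumptions.

```python
import ipaddress

ENCRYPTED = {"telnet": False, "ssh": True}      # daemons named in the thread
PORT_TO_DAEMON = {"23": "telnet", "22": "ssh"}  # ports named in the thread

# Constructed sample input; 192.0.2.1 and 198.51.100.0 are documentation addresses.
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 outside
conduit permit tcp host 192.0.2.1 eq 23 any
ssh 0.0.0.0 0.0.0.0 outside
conduit permit tcp host 192.0.2.1 eq 22 any
telnet 10.1.1.0 255.255.255.0 inside
ssh 198.51.100.0 255.255.255.0 outside
"""

def audit(config_text):
    """Return (line_number, severity, message) for risky management access."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        tok = line.split()
        # Form: <telnet|ssh> <ip> <mask> <interface>
        if len(tok) == 4 and tok[0] in ENCRYPTED:
            daemon, ip, mask, iface = tok
            try:
                net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            except ValueError:
                findings.append((n, "info", f"unparseable source network: {line.strip()}"))
                continue
            if iface != "outside":
                continue  # only access from the outside interface is flagged here
            if not ENCRYPTED[daemon]:
                findings.append((n, "high", "cleartext telnet accepted on outside interface"))
            elif net.prefixlen == 0:
                findings.append((n, "medium", "ssh on outside accepts any source address"))
        # Form: conduit permit tcp host <ip> eq <port> any
        elif tok[:3] == ["conduit", "permit", "tcp"] and "eq" in tok[:-1]:
            daemon = PORT_TO_DAEMON.get(tok[tok.index("eq") + 1])
            if daemon == "telnet":
                findings.append((n, "high", "conduit permits inbound tcp/23 (telnet)"))
            elif daemon == "ssh":
                findings.append((n, "info", "conduit permits inbound tcp/22 (ssh)"))
    return findings

if __name__ == "__main__":
    for n, sev, msg in audit(SAMPLE_CONFIG):
        print(f"line {n}: [{sev}] {msg}")
```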
