Re: PIX telnet again [7:3003]

Wed, 02 May 2001 23:56:54 -0700 

Search the archives.  Yes, it will work, but you're not tunneling traffic
from your internal network to the external IP of the PIX.  You're tunneling
traffic from the inside to the inside.  You also cannot telnet (nor ping)
the inside interface of a far PIX, due to the way it acts as a mid-box.

If you want to telnet to the outside interface via an IPSEC tunnel, you need
to use something like the VPN Client to have your end-point be the PIX
external interface.  The other option would be to get SSHv1 (vulnerable, but
still more secure than open telnet) working on your PIX.

As you already have a tunnel up, can you telnet to some other internal
device and telnet from it back to the inside PIX interface?  A Catalyst or
Win2k server will do.  Since it's in an encrypted tunnel, no big security
risk.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Jim Bond""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello,
>
> I have an IPSEC between central office router to site
> office PIX. Central office uses public IP address,
> site office has only 1 public IP address, therefore,
> uses NAT. Everything works fines except I can't telnet
> from central office to PIX (inside or outside). I can
> telnet from central office to servers inside PIX. Is
> there any command I need to add on the PIX? According
> to CCO, if IPSEC is established, telnet to PIX outside
> should work, right?
>
> Thanks in advance.
>
> Jim
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3010&t=3003
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to