I set up telnet to the outside if with every PIX I send out the door.  It
does require IPSec and I use v6.01 and VPN client 3.0/3.1 (don't know the
ins and outs on older versions).

Below is a sample configuration that's actually in use, with the IPs
changed to protect the innocent.  Note that the basic elements include:
defining an IP local pool, creating an access list with source address being
the outside interface of the PIX and the destination being the IP Pool
range.  Then, of course, you have to do the telnet outside statement and the
rest of the IPSec stuff.  Note that with this configuration you would need
to set up a client to go to address 99.12.192.121, with the username vpnuser
and the password idontthinkso.  Below is a sample, from a 506:

PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable xoxoxoxo
passwd abababab
hostname asdf
...
...
access-list 91 permit ip host 99.12.192.121 192.168.210.0 255.255.255.0
...
...
ip address outside 99.12.192.121 255.255.255.224
ip address inside 192.168.1.1 255.255.255.0
...
...
ip local pool vpnpool 192.168.210.1-192.168.210.30
...
...
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set triple esp-3des esp-md5-hmac
crypto dynamic-map dynmap 20 set transform-set triple
...
...
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
crypto map clientmap interface outside
isakmp enable outside
...
isakmp client configuration address-pool local vpnpool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 28800
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 1000
vpngroup vpnuser address-pool vpnpool
vpngroup vpnuser idle-time 1800
vpngroup vpnuser password idontthinkso
telnet 192.168.210.0 255.255.255.0 outside
...
telnet timeout 5
...
...


----- Original Message -----
From: "MADMAN" 
To: 
Sent: Tuesday, September 18, 2001 8:09 AM
Subject: Re: Telnet on PIX outside interface [7:20271]


> If what you're trying to do is telnet to the PIX outside interface, no
> can do.
>
>   dave
>
> NRB wrote:
> >
> > Guys/Gurus,
> >
> > Can anyone please help me in setting up Telnet access on the outside
> > interface of PIX.
> > I heard that we need to use IPSec and Cisco VPN client. I do not have
> > VPN client, can it still be done? Please help.
> >
> > Thanks,
> > NRB
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"
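
An added example, not part of the original messages: a Python check over the address lines of the configuration quoted in this thread. It confirms that each `telnet ... outside` statement admits a VPN client pool that is bound to a vpngroup, and counts how many addresses the statement admits beyond that pool. The function names and the reduced sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: the address-related lines of the configuration above.
SAMPLE_CONFIG = """\
ip address outside 99.12.192.121 255.255.255.224
ip local pool vpnpool 192.168.210.1-192.168.210.30
vpngroup vpnuser address-pool vpnpool
telnet 192.168.210.0 255.255.255.0 outside
telnet timeout 5
"""


def parse(config):
    """Collect local pools, pools bound to a vpngroup, and telnet statements."""
    pools, bound, telnets = {}, set(), []
    for line in config.splitlines():
        f = line.split()
        if f[:3] == ["ip", "local", "pool"] and len(f) == 5:
            first, _, last = f[4].partition("-")
            pools[f[3]] = (ipaddress.ip_address(first),
                           ipaddress.ip_address(last or first))
        elif len(f) == 4 and f[0] == "vpngroup" and f[2] == "address-pool":
            bound.add(f[3])
        elif len(f) == 4 and f[0] == "telnet":
            net = ipaddress.ip_network(f"{f[1]}/{f[2]}", strict=False)
            telnets.append((net, f[3]))
    return pools, bound, telnets


def audit_outside_telnet(config):
    """For each 'telnet ... outside' line, name the VPN pool it admits (or
    None) and count the addresses it admits beyond that pool."""
    pools, bound, telnets = parse(config)
    results = []
    for net, iface in telnets:
        if iface != "outside":
            continue
        hit = next((n for n, (lo, hi) in pools.items()
                    if n in bound and lo in net and hi in net), None)
        size = int(pools[hit][1]) - int(pools[hit][0]) + 1 if hit else 0
        results.append({"network": str(net), "pool": hit,
                        "outside_pool": net.num_addresses - size})
    return results


if __name__ == "__main__":
    for r in audit_outside_telnet(SAMPLE_CONFIG):
        print(r)
```

A result with `pool` set to `None` marks an outside telnet statement that does not correspond to any VPN client pool and is worth reviewing.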




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20290&t=20271