Hmm... never tried this, and
assuming it works I certainly would never recommend/do it...

If you are truly desperate for telnet - would the PIX allow you to make a
static external address for the inside interface of the PIX itself, and
allow telnet to that and as part
of the telnet permitted pool?


Anyway - if telnet is required, the usual ways are to either do a bounce
telnet as below or, to take it a step further, use some port redirection on an
internal host to accomplish the same thing.


Probably worth saying one more time, for emphasis - none of these are
recommended!  

a)      Use SSH, it is free ...

b)      Even better - use 3DES VPN 
        ... and then telnet from that host to the inside interface
c)      The bestest - use a 3DES VPN to a host and run SSH from there to the inside interface :)


Thanks!
TJ



-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] 
Sent: Monday, March 04, 2002 3:15 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX questions [7:37129]

If you really want to create a loophole so you can telnet into the firewall
from the outside, and you do not want to create a secure connection to it,
you can place a dummy router (or other telnet ready device) on the inside,
allow telnet to it from the outside, allow the device to telnet to the PIX,
telnet to it and reverse telnet back to the PIX.

Hth,

Ole

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




-----Original Message-----
From: MJ [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX questions [7:37129]


Hunt/Swapnil - You cannot telnet to the outside interface. You will need
to configure SSH.

"Swapnil Jain" wrote in message
news:[EMAIL PROTECTED].;
> u don't need to add a conduit for telnet unless u have blocked port 23.
>
> just add
> telnet ip_address [netmask] [if_name]
>
> to allow telnet from ip_address
>
> bye swapnil
>
> "Hunt Lee" wrote in message
> news:[EMAIL PROTECTED].;
> > Hi all,
> >
> > I have two questions about PIX 501, it would be great if someone can shed
> > some light on this:
> >
> > 1)    Currently, I'm using a software called RANCID to monitor and save
> > configs for my work's routers. I know that RANCID uses a Clogin to get into
> > the router, it then does a show running-config command to view the configs,
> > and then backs it up.
> > My question is, would PIX 501 support Clogin?
> >
> > 2)    Also, I know one can use "conduit permit icmp any any" to allow the
> > PING packets to get thru the PIX.  Would I be able to use a similar command
> > which will allow me to telnet from "outside network" into the PIX?
> >
> > Please help...
> >
> > Best Regards,
> > Hunt Lee

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37251&t=37129