Re: Help Pix 501 [7:64278]
Well, if you wanted to bypass some of the secuirty that the PIX provides your network, you could permit a telnet session between the internet and an inside device on which you have shell (or EXEC) access. and then Telnet to the pix from there. For Example You---Internet--PIX--Router--Inside Network 1. Telnet from You to Router PIX Command- access-list outside_access_in permit tcp any any eq telnet PIX Command- static (inside,outside) tcp interface telnet telnet netmask 255.255.255.255 0 0 2. Log into your router as normal 3. Telnet from the router to the PIX. As the router is connected to the inside interface, this will work. But please if you are going to do this consider using SSH instead of telnet at the very least between your station and the Router. Jarett Juan Blanco wrote in message news:[EMAIL PROTECTED] Team, I want to be able to telnet to my internal network(terminal server) via the Pix 501, I have a connectivity via my cable provider, I have only one IP address. Before using the pix I have a router and I used to telnet to it from the Internet then connect to my terminal server, now I can't do it because there is no telnet capabilities from the Pix 501, Remember I have only one IPAny ideas how to do thisI looked in the Cisco Web and the examples that I was able to find they assume that I have more than 1 IP which is no my case.At the present time I have not problem connecting to the Pix from the Internet I really appreciate your help. Thanks, Juan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64470t=64278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help Pix 501 [7:64278]
Juan, Use port redirection on the PIX. This will allow you to map plenty hosts on the inside to map to the outside. http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note0918 6a0080094aad.shtml#topic9 Julian - Original Message - From: J.D. Chaiken To: Sent: Wednesday, March 05, 2003 9:57 AM Subject: Re: Help Pix 501 [7:64278] Well, if you wanted to bypass some of the secuirty that the PIX provides your network, you could permit a telnet session between the internet and an inside device on which you have shell (or EXEC) access. and then Telnet to the pix from there. For Example You---Internet--PIX--Router--Inside Network 1. Telnet from You to Router PIX Command- access-list outside_access_in permit tcp any any eq telnet PIX Command- static (inside,outside) tcp interface telnet telnet netmask 255.255.255.255 0 0 2. Log into your router as normal 3. Telnet from the router to the PIX. As the router is connected to the inside interface, this will work. But please if you are going to do this consider using SSH instead of telnet at the very least between your station and the Router. Jarett Juan Blanco wrote in message news:[EMAIL PROTECTED] Team, I want to be able to telnet to my internal network(terminal server) via the Pix 501, I have a connectivity via my cable provider, I have only one IP address. Before using the pix I have a router and I used to telnet to it from the Internet then connect to my terminal server, now I can't do it because there is no telnet capabilities from the Pix 501, Remember I have only one IPAny ideas how to do thisI looked in the Cisco Web and the examples that I was able to find they assume that I have more than 1 IP which is no my case.At the present time I have not problem connecting to the Pix from the Internet I really appreciate your help. Thanks, Juan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64536t=64278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help Pix 501 [7:64278]
Juan, The PIX does not permit you to telnet into it from the outside interface--this is a security feature. There are two solutions available: SSH and a VPN. My recommendation is to go the hard route and set up a remote access VPN connection to the PIX--SSH has been shown recently to have some vulnerabilities. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Juan Blanco wrote in message news:[EMAIL PROTECTED] Team, I want to be able to telnet to my internal network(terminal server) via the Pix 501, I have a connectivity via my cable provider, I have only one IP address. Before using the pix I have a router and I used to telnet to it from the Internet then connect to my terminal server, now I can't do it because there is no telnet capabilities from the Pix 501, Remember I have only one IPAny ideas how to do thisI looked in the Cisco Web and the examples that I was able to find they assume that I have more than 1 IP which is no my case.At the present time I have not problem connecting to the Pix from the Internet I really appreciate your help. Thanks, Juan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64350t=64278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help Pix 501 [7:64278]
I agree with richard the only way you're going to do this with a single ip address is by setting up a vpn and then telneting as a second step. scott Richard Deal wrote in message news:[EMAIL PROTECTED] Juan, The PIX does not permit you to telnet into it from the outside interface--this is a security feature. There are two solutions available: SSH and a VPN. My recommendation is to go the hard route and set up a remote access VPN connection to the PIX--SSH has been shown recently to have some vulnerabilities. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Juan Blanco wrote in message news:[EMAIL PROTECTED] Team, I want to be able to telnet to my internal network(terminal server) via the Pix 501, I have a connectivity via my cable provider, I have only one IP address. Before using the pix I have a router and I used to telnet to it from the Internet then connect to my terminal server, now I can't do it because there is no telnet capabilities from the Pix 501, Remember I have only one IPAny ideas how to do thisI looked in the Cisco Web and the examples that I was able to find they assume that I have more than 1 IP which is no my case.At the present time I have not problem connecting to the Pix from the Internet I really appreciate your help. Thanks, Juan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64364t=64278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help Pix 501 [7:64278]
Team, I want to be able to telnet to my internal network(terminal server) via the Pix 501, I have a connectivity via my cable provider, I have only one IP address. Before using the pix I have a router and I used to telnet to it from the Internet then connect to my terminal server, now I can't do it because there is no telnet capabilities from the Pix 501, Remember I have only one IPAny ideas how to do thisI looked in the Cisco Web and the examples that I was able to find they assume that I have more than 1 IP which is no my case.At the present time I have not problem connecting to the Pix from the Internet I really appreciate your help. Thanks, Juan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64278t=64278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]