RE: Cisco Pix Telnet Access
Title: RE: Cisco Pix Telnet Access Is this the only issue? Are you routing properly between VLANs? Can you ping the PIX? If telnet from VLAN2 is the only thing blocked, it sounds like a rule issue. -Original Message- From: p s [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 12, 2000 11:18 AM To: [EMAIL PROTECTED] Subject: Cisco Pix Telnet Access To Cisco Study Group I have a Cisco 515 Pix Firewall that I cannot Telnet to from my 10.10.9.0 network. I just created VLAN 2 on my Cisco 6503 Switch, VLAN 2 contains the entire 10.10.9.0 network. VLAN1 contains the 10.10.10.0 network. My 6503 switch connects through an MSFC interface to a T1 which connects to our Data Center where the Pix Firewall is located. Does anyone have any ideas on what would cause this Telnet issue? Thanks for your help Paul Stapleton [EMAIL PROTECTED] __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Pix Telnet Access
I've never heard of a 6503 on 6505 and 6509? -Original Message- From: Taylor, Don [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 12, 2000 2:43 PM To: 'p s'; [EMAIL PROTECTED] Subject: RE: Cisco Pix Telnet Access Is this the only issue? Are you routing properly between VLANs? Can you ping the PIX? If telnet from VLAN2 is the only thing blocked, it sounds like a rule issue. -Original Message- From: p s [ mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ] Sent: Thursday, October 12, 2000 11:18 AM To: [EMAIL PROTECTED] Subject: Cisco Pix Telnet Access To Cisco Study Group I have a Cisco 515 Pix Firewall that I cannot Telnet to from my 10.10.9.0 network. I just created VLAN 2 on my Cisco 6503 Switch, VLAN 2 contains the entire 10.10.9.0 network. VLAN1 contains the 10.10.10.0 network. My 6503 switch connects through an MSFC interface to a T1 which connects to our Data Center where the Pix Firewall is located. Does anyone have any ideas on what would cause this Telnet issue? Thanks for your help Paul Stapleton [EMAIL PROTECTED] __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ <http://mail.yahoo.com/> _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html <http://www.groupstudy.com/list/cisco.html> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Pix Telnet Access
By default, the pix firewall will not allow telnet access on any interface from any subnet. You have to manually configure it. The following command should work: telnet 10.10.9.0 255.255.255.0 inside This will allow the entire 10.10.9.0 network to telnet to the inside interface of the pix. You may want to be more specific and grant only certain machines (/32 mask) telnet access to the pix. Chris Lemagie Systems Engineer Cisco Systems Seattle Commercial Region (425) 468-0959 [EMAIL PROTECTED] http://www.cisco.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of p s Sent: Thursday, October 12, 2000 11:18 AM To: [EMAIL PROTECTED] Subject:Cisco Pix Telnet Access To Cisco Study Group I have a Cisco 515 Pix Firewall that I cannot Telnet to from my 10.10.9.0 network. I just created VLAN 2 on my Cisco 6503 Switch, VLAN 2 contains the entire 10.10.9.0 network. VLAN1 contains the 10.10.10.0 network. My 6503 switch connects through an MSFC interface to a T1 which connects to our Data Center where the Pix Firewall is located. Does anyone have any ideas on what would cause this Telnet issue? Thanks for your help Paul Stapleton [EMAIL PROTECTED] __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Pix Telnet Access
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If memory serves me right - there is a telnet command in the PIX that you have to specify network / host that can telnet to it (inside interface). Maybe it was set for the 10.10.10.0/24 network?? Stranger things have happened > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of Smith, Warren > Sent: Thursday, October 12, 2000 2:17 PM > To: [EMAIL PROTECTED] > Subject: RE: Cisco Pix Telnet Access > > > I've never heard of a 6503 on 6505 and 6509? > > -Original Message- > From: Taylor, Don [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 12, 2000 2:43 PM > To: 'p s'; [EMAIL PROTECTED] > Subject: RE: Cisco Pix Telnet Access > > > > Is this the only issue? Are you routing properly between VLANs? > Can you ping > the PIX? If telnet from VLAN2 is the only thing blocked, it sounds > like a rule issue. > > -Original Message- > From: p s [ mailto:[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> ] > Sent: Thursday, October 12, 2000 11:18 AM > To: [EMAIL PROTECTED] > Subject: Cisco Pix Telnet Access > > > To Cisco Study Group > > I have a Cisco 515 Pix Firewall that I cannot Telnet > to from my 10.10.9.0 network. I just created VLAN 2 > on my Cisco 6503 Switch, VLAN 2 contains the entire > 10.10.9.0 network. VLAN1 contains the 10.10.10.0 > network. My 6503 switch connects through an MSFC > interface to a T1 which connects to our Data Center > where the Pix Firewall is located. Does anyone have > any ideas on what would cause this Telnet issue? > Thanks for your help > > Paul Stapleton > > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Get Yahoo! Mail - Free email you can access from anywhere! > http://mail.yahoo.com/ <http://mail.yahoo.com/> > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > <http://www.groupstudy.com/list/cisco.html> > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOeYlUWXJjpv8sjtQEQJEIACg8tVLqT4hM8iSpFwPh3bi8z0v4hIAnAhq kV620Lic3hWxjqoa/a3+Icf0 =aulP -END PGP SIGNATURE- _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Pix Telnet Access
Paul, A PIX will not allow a telnet session to the outside interface unless it is running IPSEC. I will usually open a hole for telnet from the management station address (with the conduit command or an access list) to a Cisco device on the inside subnet. Allow that device to telnet into the PIX by applying the telnet command on the PIX. It's a little convoluted but more secure. Dave Swink > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of p > s > Sent: Thursday, October 12, 2000 1:18 PM > To: [EMAIL PROTECTED] > Subject: Cisco Pix Telnet Access > > > To Cisco Study Group > > I have a Cisco 515 Pix Firewall that I cannot Telnet > to from my 10.10.9.0 network. I just created VLAN 2 > on my Cisco 6503 Switch, VLAN 2 contains the entire > 10.10.9.0 network. VLAN1 contains the 10.10.10.0 > network. My 6503 switch connects through an MSFC > interface to a T1 which connects to our Data Center > where the Pix Firewall is located. Does anyone have > any ideas on what would cause this Telnet issue? > Thanks for your help > > Paul Stapleton > > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Get Yahoo! Mail - Free email you can access from anywhere! > http://mail.yahoo.com/ > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
