RE: PIX questions [7:37129]

2002-03-05 Thread Evans, TJ

Hmm ... never tried this, and
assuming it works I certainly would never recommend/do it ...

If you are truly desperate for telnet - would the pix allow you to make a
static external address for the inside interface of the pix itself, and
allow telnet to that and as part
of the telnet permitted pool?


Anyway - if telnet is required, the usual ways are to either do a bounce
telnet as below or to take it a step further use some port redirection on an
internal host to accomplish the same thing.


Probably worth saying one more time, for emphasis - none of these are
recommended!

a)  Use SSH, it is free ...

b)  Even better - use 3DES VPN
... and then telnet from that host to the inside interface

c)  The bestest - use a 3DES VPN to a host and run SSH from there to the
inside interface :)



Thanks!
TJ



-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] 
Sent: Monday, March 04, 2002 3:15 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX questions [7:37129]

If you really want to create a loophole so you can telnet into the firewall
from the outside, and you do not want to create a secure connection to it,
you can place a dummy router (or other telnet ready device) on the inside,
allow telnet to it from the outside, allow the device to telnet to the PIX,
telnet to it and reverse telnet back to the PIX.

Hth,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~




-----Original Message-----
From: MJ [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX questions [7:37129]


Hunt/Swapnil - You can not telnet to the outside interface.  You will need
to configure SSH.

Swapnil Jain  wrote in message
news:[EMAIL PROTECTED];
> u don't need to add a conduit for telnet unless u have blocked port 23.
>
> just add
> telnet ip_address [netmask] [if_name]
>
> to allow telnet from ip_address
>
> bye swapnil
>
> Hunt Lee wrote in message
> news:[EMAIL PROTECTED];
> > Hi all,
> >
> > I have two questions about PIX 501, it would be great if someone can shed
> > some light on this:
> >
> > 1) Currently, I'm using a software called RANCID to monitor and save
> > configs for my works' routers. I know that RANCID uses a Clogin to get into
> > the router, it then do a show running-config command to view the configs,
> > and then backs it up.
> > My question is, would PIX 501 supports Clogin?
> >
> > 2) Also, I know one can use conduit permit icmp any any to allow the
> > PING packets to get thru the PIX.  Would I be able to use a similar command
> > which will allow me to telnet from outside network into the PIX?
> >
> > Please help...
> >
> > Best Regards,
> > Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37251t=37129
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: PIX questions [7:37129]

2002-03-04 Thread MJ

Hunt/Swapnil - You can not telnet to the outside interface.  You will need
to configure SSH.

Swapnil Jain  wrote in message
news:[EMAIL PROTECTED];
> u don't need to add a conduit for telnet unless u have blocked port 23.
>
> just add
> telnet ip_address [netmask] [if_name]
>
> to allow telnet from ip_address
>
> bye swapnil
>
> Hunt Lee wrote in message
> news:[EMAIL PROTECTED];
> > Hi all,
> >
> > I have two questions about PIX 501, it would be great if someone can shed
> > some light on this:
> >
> > 1) Currently, I'm using a software called RANCID to monitor and save
> > configs for my works' routers. I know that RANCID uses a Clogin to get into
> > the router, it then do a show running-config command to view the configs,
> > and then backs it up.
> > My question is, would PIX 501 supports Clogin?
> >
> > 2) Also, I know one can use conduit permit icmp any any to allow the
> > PING packets to get thru the PIX.  Would I be able to use a similar command
> > which will allow me to telnet from outside network into the PIX?
> >
> > Please help...
> >
> > Best Regards,
> > Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37175t=37129



RE: PIX questions [7:37129]

2002-03-04 Thread Ole Drews Jensen

If you really want to create a loophole so you can telnet into the firewall
from the outside, and you do not want to create a secure connection to it,
you can place a dummy router (or other telnet ready device) on the inside,
allow telnet to it from the outside, allow the device to telnet to the PIX,
telnet to it and reverse telnet back to the PIX.

Hth,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~




-----Original Message-----
From: MJ [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 1:35 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX questions [7:37129]


Hunt/Swapnil - You can not telnet to the outside interface.  You will need
to configure SSH.

Swapnil Jain  wrote in message
news:[EMAIL PROTECTED];
> u don't need to add a conduit for telnet unless u have blocked port 23.
>
> just add
> telnet ip_address [netmask] [if_name]
>
> to allow telnet from ip_address
>
> bye swapnil
>
> Hunt Lee wrote in message
> news:[EMAIL PROTECTED];
> > Hi all,
> >
> > I have two questions about PIX 501, it would be great if someone can shed
> > some light on this:
> >
> > 1) Currently, I'm using a software called RANCID to monitor and save
> > configs for my works' routers. I know that RANCID uses a Clogin to get into
> > the router, it then do a show running-config command to view the configs,
> > and then backs it up.
> > My question is, would PIX 501 supports Clogin?
> >
> > 2) Also, I know one can use conduit permit icmp any any to allow the
> > PING packets to get thru the PIX.  Would I be able to use a similar command
> > which will allow me to telnet from outside network into the PIX?
> >
> > Please help...
> >
> > Best Regards,
> > Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37184t=37129



Re: PIX questions [7:37129]

2002-03-03 Thread Swapnil Jain

u don't need to add a conduit for telnet unless u have blocked port 23.

just add
telnet ip_address [netmask] [if_name]

to allow telnet from ip_address

bye swapnil

Hunt Lee  wrote in message
news:[EMAIL PROTECTED];
> Hi all,
>
> I have two questions about PIX 501, it would be great if someone can shed
> some light on this:
>
> 1) Currently, I'm using a software called RANCID to monitor and save
> configs for my works' routers. I know that RANCID uses a Clogin to get into
> the router, it then do a show running-config command to view the configs,
> and then backs it up.
> My question is, would PIX 501 supports Clogin?
>
> 2) Also, I know one can use conduit permit icmp any any to allow the
> PING packets to get thru the PIX.  Would I be able to use a similar command
> which will allow me to telnet from outside network into the PIX?
>
> Please help...
>
> Best Regards,
> Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37131t=37129



Re: PIX questions [7:37129]

2002-03-03 Thread Engelhard M. Labiro

That wouldn't work! Telnet from outside network is prohibited
even if you define it with telnet blah outside command.
The work around is to protect the telnet traffic with IPSec
or configure SSH if you don't want hassle with IPSec configuration.

HTH

> u don't need to add a conduit for telnet unless u have blocked
> port 23.
>
> just add
> telnet ip_address [netmask] [if_name]
>
> to allow telnet from ip_address
>
> bye swapnil
>
> Hunt Lee wrote in message
> news:[EMAIL PROTECTED];
> > Hi all,
> >
> > I have two questions about PIX 501, it would be great if someone can shed
> > some light on this:
> >
> > 1) Currently, I'm using a software called RANCID to monitor and save
> > configs for my works' routers. I know that RANCID uses a Clogin to get into
> > the router, it then do a show running-config command to view the configs,
> > and then backs it up.
> > My question is, would PIX 501 supports Clogin?
> >
> > 2) Also, I know one can use conduit permit icmp any any to allow the
> > PING packets to get thru the PIX.  Would I be able to use a similar command
> > which will allow me to telnet from outside network into the PIX?
> >
> > Please help...
> >
> > Best Regards,
> > Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37133t=37129
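
The rule discussed in this thread (telnet entries belong to inside addresses; management from the outside goes over SSH or an IPSec tunnel) written as a config check. This is an added example, not part of any poster's message: the sample lines, the `inside` default interface, the host-mask default and the /24 breadth threshold are assumptions.

```python
import ipaddress

# Constructed sample of PIX management-access lines (not taken from the thread).
SAMPLE_CONFIG = """\
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.50
telnet timeout 5
telnet 203.0.113.10 255.255.255.255 outside
telnet 0.0.0.0 0.0.0.0 inside
ssh 203.0.113.10 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
"""

def parse_mgmt_line(line):
    """Parse 'telnet|ssh ip_address [netmask] [if_name]'; return None otherwise."""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ("telnet", "ssh"):
        return None
    rest = tok[2:]
    # Assumed defaults when fields are omitted: host mask and the inside interface.
    mask = rest.pop(0) if rest and rest[0][0].isdigit() else "255.255.255.255"
    iface = rest[0] if rest else "inside"
    try:
        net = ipaddress.IPv4Network(f"{tok[1]}/{mask}", strict=False)
    except ValueError:
        return None  # not an address form, e.g. 'telnet timeout 5'
    return {"proto": tok[0], "net": net, "iface": iface}

def audit(config, min_prefix=24):
    """Return (line_no, finding) pairs for entries worth reviewing."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        entry = parse_mgmt_line(line)
        if entry is None:
            continue
        # Per the thread, telnet from the outside only works inside IPSec; prefer ssh.
        if entry["proto"] == "telnet" and entry["iface"] != "inside":
            findings.append((n, "telnet-not-inside"))
        # min_prefix is an assumed policy threshold, not a PIX limit.
        if entry["net"].prefixlen < min_prefix:
            findings.append((n, "broad-source"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_CONFIG):
        print(f"line {n}: {finding}")
```
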