Re: telnet access to pix
Frank, Telnet access is only allowed from the inside interface UNLESS you have IPSEC (Encryption standard for VPN's) configured and then you would do this telnet 192.168.1.1 255.255.255.0 outside Paul --- Frank Kim [EMAIL PROTECTED] wrote: Hey guys, I got eth0= security0 and eth1=security100. I'm able to telnet from the inside network. Is there any way for me to telnet from the outside? Pix has disabled this by default. -Frank _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: telnet access to pix
Hi, The PIX firewall doesn't support telnet through the outside interface, the exception to that is if the telnet session is through a secured connection via VPN needless to say that you need to configure the telnet server to accept specific IP's. # In the future OS versions, as far as I know, it will be possible, it is on Cisco's road map. Gil -Original Message- From: Frank Kim [mailto:[EMAIL PROTECTED]] Sent: ??? 09 ?? 2001 22:42 To: [EMAIL PROTECTED] Subject: telnet access to pix Hey guys, I got eth0= security0 and eth1=security100. I'm able to telnet from the inside network. Is there any way for me to telnet from the outside? Pix has disabled this by default. -Frank _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: telnet access to pix
Allowing telnet carves a hole in the firewall. Gil is right- tunnel to tunnel VPN access then going back to the firewall (from inside it's protected domain), from an IP you approve for management (usually a server). We also use encrypted dial-up boxes, along with remote power on supplies. If the location is down, you can call the power supply (switch on the modem), them setup a secure dial session to the firewall. Phil - Original Message - From: "Gil Shulman" [EMAIL PROTECTED] To: "'Frank Kim'" [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, February 11, 2001 6:56 AM Subject: RE: telnet access to pix Hi, The PIX firewall doesn't support telnet through the outside interface, the exception to that is if the telnet session is through a secured connection via VPN needless to say that you need to configure the telnet server to accept specific IP's. # In the future OS versions, as far as I know, it will be possible, it is on Cisco's road map. Gil -Original Message- From: Frank Kim [mailto:[EMAIL PROTECTED]] Sent: ??? 09 ?? 2001 22:42 To: [EMAIL PROTECTED] Subject: telnet access to pix Hey guys, I got eth0= security0 and eth1=security100. I'm able to telnet from the inside network. Is there any way for me to telnet from the outside? Pix has disabled this by default. -Frank _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: telnet access to pix
Watch the line wrap: From http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/com mands.htm#xtocid1604970 "If IPSec is operating, PIX Firewall lets you specify an unsecure interface name, typically, the outside interface. At a minimum, the crypto map command must be configured to specify an interface name with the telnet command." So the answer is yes, but with caveats. Tommy -Original Message- From: Frank Kim [mailto:[EMAIL PROTECTED]] Sent: Friday, February 09, 2001 3:42 PM To: [EMAIL PROTECTED] Subject: telnet access to pix Hey guys, I got eth0= security0 and eth1=security100. I'm able to telnet from the inside network. Is there any way for me to telnet from the outside? Pix has disabled this by default. -Frank _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: telnet access to pix
Frank, The only way to telnet to the outside interface is to enable ipsec. If you don't feel like dealing with it (I didn't!!!) use SSH. You have to download the 56-bit Key (Free from Cisco) and enable SSH on your PIX. IPSEC forces you to use VPN client from your PC. Any SSH (I'm using Tera Term Pro, its free) would do the job. Hope this helps a bit. Nabil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Frank Kim Sent: Friday, February 09, 2001 3:42 PM To: [EMAIL PROTECTED] Subject: telnet access to pix Hey guys, I got eth0= security0 and eth1=security100. I'm able to telnet from the inside network. Is there any way for me to telnet from the outside? Pix has disabled this by default. -Frank _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
