[nsp] telnet to PIX firewall ..
Jeff Chambers
jc at nuvox.net
Tue Mar 23 23:31:41 EST 2004
Here are some snippets from the PIX documentation. Basically,
any telnet connections to the outside interface have to
be over IPSEC connections.
Jeff.
snip #1
----
The telnet command lets you specify which hosts can access the PIX
Firewall console with Telnet. You can enable Telnet to the PIX
Firewall on all interfaces. However, the PIX Firewall enforces that
all Telnet traffic to the outside interface be IPSec protected.
Therefore, to enable a Telnet session to the outside interface,
configure IPSec on the outside interface to include IP traffic
generated by the PIX Firewall and enable Telnet on the outside interface.
snip #2
----
If you need to access the PIX Firewall console from outside the
PIX Firewall, you can use a static and access-list command pair to
permit a Telnet session to a Telnet server on the inside interface,
and then from the server to the PIX Firewall. In addition, you can
attach the console port to a modem but this may add a security
problem of its own. You can use the same terminal settings as for
HyperTerminal, which is described in the Cisco PIX Firewall and
VPN Configuration Guide.
If you have IPSec configured, you can access the PIX Firewall
console with Telnet from outside the PIX Firewall. Once an IPSec
tunnel is created from an outside host to the PIX Firewall, you
can access the console from the outside host.
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a0080104256.html#1025921
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of MGG
Sent: Tuesday, March 23, 2004 6:00 PM
To: cisco-nsp at puck.nether.net
Subject: [nsp] telnet to PIX firewall ..
Dear All,
We have multi-layered security zones in our network and these zones are
delimited using multiple PIX firewalls. The mgmt. devices reside somewhere
in the middle and on the most secure side of the network, we have two PIX
firewalls running v5.3 and they can only support telnet and are only accessible
using the outside interface. I have updated the configuration with:
telnet "$mgmt.IP" 255.255.255.255 outside
and I have not been able to telnet into those boxes. However, SNMP to the
outside interface works fine, only telnet doesn't seem to work. Is this not
a supported configuration or did I miss a step? There is a plan to upgrade
them in future (with ssh support in mind); in the meantime I need a fix...
Thanks for your input in advance,
Regards,
MGG.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
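An added configuration audit that is not part of the thread above, nor Cisco's own tooling: it encodes the rule quoted from the PIX documentation (Telnet to the outside interface is only accepted over IPsec, so a crypto map has to be applied to that interface) as a check over a saved PIX configuration. The two configurations are constructed for this example; the line patterns assume the `telnet <host> <mask> <if>`, `crypto map <name> interface <if>` and `isakmp enable <if>` syntax, and the "outside" interface name is assumed to be the one the PIX protects in this way.

```python
"""Audit a Cisco PIX configuration for Telnet entries the PIX will refuse.

Rule encoded (from the PIX documentation quoted in the thread): Telnet to the
outside interface must arrive over IPsec, so a 'telnet ... outside' line only
works when a crypto map is applied to 'outside'. Anything else is flagged.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed command shapes: telnet <host> <mask> <ifname>, crypto map <name>
# interface <ifname>, isakmp enable <ifname>. 'telnet timeout N' has only two
# arguments and therefore does not match TELNET_RE.
TELNET_RE = re.compile(r"^telnet\s+(\S+)\s+(\S+)\s+(\S+)$")
CRYPTO_IF_RE = re.compile(r"^crypto\s+map\s+(\S+)\s+interface\s+(\S+)$")
ISAKMP_IF_RE = re.compile(r"^isakmp\s+enable\s+(\S+)$")

# Interfaces on which the PIX enforces IPsec for Telnet (assumption: only
# the outside interface, as the quoted documentation states).
IPSEC_REQUIRED = {"outside"}


@dataclass(frozen=True)
class TelnetEntry:
    host: str
    mask: str
    interface: str


@dataclass(frozen=True)
class Finding:
    entry: TelnetEntry
    reason: str


def _lines(config: str) -> list[str]:
    return [ln.strip() for ln in config.splitlines() if ln.strip()]


def parse_telnet_entries(config: str) -> list[TelnetEntry]:
    """Return every 'telnet <host> <mask> <if>' statement in the config."""
    return [TelnetEntry(*m.groups())
            for ln in _lines(config) if (m := TELNET_RE.match(ln))]


def interfaces_with_crypto_map(config: str) -> set[str]:
    """Interfaces that have a crypto map applied (IPsec can terminate there)."""
    return {m.group(2) for ln in _lines(config) if (m := CRYPTO_IF_RE.match(ln))}


def interfaces_with_isakmp(config: str) -> set[str]:
    """Interfaces on which IKE negotiation is enabled."""
    return {m.group(1) for ln in _lines(config) if (m := ISAKMP_IF_RE.match(ln))}


def audit_telnet(config: str) -> list[Finding]:
    """Flag Telnet entries on IPsec-enforced interfaces that lack IPsec setup."""
    crypto_ifs = interfaces_with_crypto_map(config)
    isakmp_ifs = interfaces_with_isakmp(config)
    findings = []
    for entry in parse_telnet_entries(config):
        if entry.interface not in IPSEC_REQUIRED:
            continue
        if entry.interface not in crypto_ifs:
            findings.append(Finding(entry, f"no crypto map applied to {entry.interface}; "
                                           "the PIX will not accept this Telnet session"))
        elif entry.interface not in isakmp_ifs:
            findings.append(Finding(entry, f"crypto map applied but isakmp not enabled "
                                           f"on {entry.interface}; no tunnel can be built"))
    return findings


# Constructed configs for the example (not from the thread's devices).
BROKEN_CONFIG = """
PIX Version 5.3(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
telnet 10.20.30.40 255.255.255.255 outside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
snmp-server host outside 10.20.30.40
"""

FIXED_CONFIG = BROKEN_CONFIG + """
crypto ipsec transform-set mgmtset esp-3des esp-sha-hmac
crypto map mgmt 10 ipsec-isakmp
crypto map mgmt 10 set peer 10.20.30.40
crypto map mgmt 10 set transform-set mgmtset
crypto map mgmt interface outside
isakmp enable outside
"""

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"[{label}]")
        for f in audit_telnet(cfg) or []:
            print(f"  {f.entry.host} via {f.entry.interface}: {f.reason}")
```

Run against the first config the check reproduces the situation MGG describes: the `telnet ... outside` line is present, SNMP is unaffected, but nothing terminates IPsec on the outside interface, so the session is refused. The second config, with a crypto map applied to `outside` and ISAKMP enabled there, produces no findings; whether the tunnel actually comes up still depends on the rest of the IPsec policy, which this check deliberately does not try to validate.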