At 04:25 PM 4/19/01 -0400, Scott Dees wrote:
>Anyone who can help me.
>
> I have a PIX 515 running IOS ver 5.3(1) and am trying to set it up to be
>able to telnet into it from the outside. It is up and running perfectly
>aside from this little quirk.
>
>First question is this possible?
>Second question how do you do it?
>
>Any help will be greatly appreciated
>
>Scott

I only tried this with the SSH daemon; I see no reason why it can't work
with telnet, aside from the security risks.

You need to turn on the telnet daemon, so:

    telnet 0.0.0.0 0.0.0.0 outside

Have an ACL open up port 23 (well, I open up a conduit, which might be
overkill, since you already bound the daemon to the outside interface):

    conduit permit tcp host eq 23 any

Now, I hope you do listen to this part, but I strongly suggest NOT doing
this. Telnet is a clear-text protocol, and the PIX is a powerful
firewall. This is an Achilles heel to the box to remotely telnet in clear
text! Use a VPN, or dial in to the back and telnet to the internal
port. Or, use SSH if you have the DES/3DES key activated! Then use
similar commands to enable SSH. (SSH is port 22, by the way.)

To enable SSH, you need to generate an RSA key pair. (You also need the
DES/3DES key.)

    conf t
    ca generate rsa 1024
    ca save all
    ssh 0.0.0.0 0.0.0.0 outside
    conduit permit tcp host eq 22 any

-Carroll Kong
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1314&t=1285
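
Added example, not part of the original message or of any Cisco tooling: a small Python check that scans a saved PIX configuration for the management-access statements discussed in the reply (telnet bound to the outside interface, a conduit permitting tcp/23, and SSH open to any source). The sample configuration, its addresses, the `audit` function and the severity labels are constructed for this example.

```python
import re

# "telnet|ssh <ip> <netmask> <if_name>" management-access statements
MGMT = re.compile(r"^(telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
# "conduit permit tcp ... eq <port> ..."; captures the port token
CONDUIT = re.compile(r"^conduit\s+permit\s+tcp\s+.*\beq\s+(\S+)")

def audit(config, untrusted=("outside",)):
    """Return (line_no, severity, message) findings for risky management access."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = MGMT.match(line)
        if m:
            proto, _ip, mask, ifname = m.groups()
            if ifname not in untrusted:
                continue  # management from a trusted interface is out of scope here
            if proto == "telnet":
                # Clear text on an untrusted interface is flagged regardless of source
                findings.append((no, "high", f"clear-text telnet management on {ifname}"))
            elif mask == "0.0.0.0":
                # A 0.0.0.0 netmask matches every source address
                findings.append((no, "medium", f"ssh management open to any source on {ifname}"))
            continue
        m = CONDUIT.match(line)
        if m and m.group(1) in ("23", "telnet"):
            findings.append((no, "high", "conduit permits inbound telnet (tcp/23)"))
    return findings

# Constructed sample configuration (documentation-range addresses)
SAMPLE = """\
telnet 10.1.1.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 outside
conduit permit tcp host 192.0.2.1 eq 23 any
ssh 0.0.0.0 0.0.0.0 outside
ssh 198.51.100.10 255.255.255.255 outside
conduit permit tcp host 192.0.2.1 eq 22 any
"""

if __name__ == "__main__":
    for no, severity, message in audit(SAMPLE):
        print(f"line {no}: [{severity}] {message}")
```

Restricting the `ssh` statement to a specific management host, as on line 5 of the sample, is what clears the "any source" finding.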