Configuring PIX 501 For External Telnet Access

Greetings, I have a PIX 501 on a static external address and fixed internal address.

Very little configuration has been done apart from establishing connectivity. I have also entered a static route to the next hop, being a router.

I'm trying to allow external access to the unit via telnet from a single host. I have configured the command:

telnet "IP Address" "255.255.255.255" outside

But I am unable to configure an access-list to complement it.

I also have a dynamic NAT pool configured for PAT.

Could anyone throw a few suggestions into the pot? I've tried:

access-list OutToIn permit tcp host "Remote IP Address" "Inside Address of PIX" eq 23
 
Curiosityx said:
Greetings, I have a PIX 501 on a static external address and fixed internal address.

Very little configuration has been done apart from establishing connectivity. I have also entered a static route to the next hop, being a router.

I'm trying to allow external access to the unit via telnet from a single host. I have configured the command:

telnet "IP Address" "255.255.255.255" outside

But I am unable to configure an access-list to complement it.

I also have a dynamic NAT pool configured for PAT.

Could anyone throw a few suggestions into the pot? I've tried:

access-list OutToIn permit tcp host "Remote IP Address" "Inside Address of PIX" eq 23
The PIX won't accept telnet for management purposes; use SSH instead.
Or are you trying to telnet to a machine behind the PIX?

/edit/

Enable external SSH access to the PIX:

ssh <IP ADDRESS> 255.255.255.255 outside
ssh timeout 5
 
More useful post ;)


A snippet from my basic "PIX config" checklist that I use...

!set password
passwd <password>
!set enable password
enable password <password>
!aaa stuff
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
!Set Hostname
hostname <pix hostname>
domain-name <domain.name>
!set interfaces
nameif ethernet0 outside security0
nameif ethernet1 inside security100
!set interface speeds
interface ethernet0 100full
interface ethernet1 100full
!set IP addresses
ip address outside <address> <subnet mask>
ip address inside <address> <subnet mask>
!set default route
route outside 0.0.0.0 0.0.0.0 <gateway address> 1
!nat and global
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
!SSH access stuff
!make sure host/domain name set
!generate RSA key pair
ca generate rsa key 1024
!save RSA key
ca save all
!configure external SSH access
ssh <ip address> <subnet mask> outside
!configure internal SSH access
ssh <ip address> <subnet mask> inside
!set ssh timeout
ssh timeout 5
 
Yep and don't forget to generate your crypto keys for the SSH session.


Edit: That will teach me to leave the "post" window open while I get a drink :p
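
A check for a command script like the checklist in this thread, as an added example that is not part of any post: it flags telnet permitted on the outside interface, SSH rules on the outside wider than a single host, and SSH rules without the hostname, domain name, RSA key and AAA commands the checklist pairs with them. The function name `audit_pix_mgmt`, the sample script and its addresses are assumptions made for illustration.

```python
import ipaddress
import re

# "<telnet|ssh> <ip> <mask> <interface>" as used in the thread (PIX 6.x style)
MGMT_RE = re.compile(r"^(telnet|ssh)\s+([\d.]+)\s+([\d.]+)\s+(\S+)$")
# Commands the checklist in the thread ties to working SSH access
SSH_PREREQS = ("hostname ", "domain-name ", "ca generate rsa key ",
               "ca save all", "aaa authentication ssh console ")

def audit_pix_mgmt(script, untrusted=("outside",)):
    """Return sorted findings for a PIX command script (not 'show run' output)."""
    cmds = [l.strip() for l in script.splitlines()]
    cmds = [l for l in cmds if l and not l.startswith("!")]  # drop "!" comments
    findings, ssh_rules = set(), 0
    for cmd in cmds:
        m = MGMT_RE.match(cmd)
        if not m:
            continue
        proto, ip, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            findings.add(f"bad address or mask: {cmd}")
            continue
        ssh_rules += proto == "ssh"
        if ifname not in untrusted:
            continue  # only untrusted-side exposure is reported
        if proto == "telnet":
            findings.add(f"cleartext telnet permitted on {ifname} from {net}")
        elif net.prefixlen < 32:
            findings.add(f"ssh on {ifname} open to {net.num_addresses} addresses ({net})")
    if ssh_rules:
        for prereq in SSH_PREREQS:
            if not any(c.startswith(prereq) for c in cmds):
                findings.add(f"ssh configured but missing: {prereq.strip()}")
    return sorted(findings)

# Constructed sample script; addresses are documentation ranges, not from the thread
SAMPLE = """\
hostname pix501
telnet 203.0.113.10 255.255.255.255 outside
ssh 198.51.100.0 255.255.255.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""

if __name__ == "__main__":
    for finding in audit_pix_mgmt(SAMPLE):
        print(finding)
```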
 