RE: how to enable telnet on the outside interface for PIX

From: Christopher M. Heffner (cheffner@certified-labs.com)
Date: Sun Aug 21 2005 - 22:05:03 GMT-3

• Next message: Scott Morris: "RE: Routing updates through a firewall"
• Previous message: Brant I. Stevens: "Re: Routing updates through a firewall"
• Maybe in reply to: muath_thebest@hotmail.com: "how to enable telnet on the outside interface for PIX"
• Next in thread: Thomas: "Re: how to enable telnet on the outside interface for PIX"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I personally would not setup telnet on the outside interface. The
question was how to setup telnet on the outside interface. Since the
pix will not allow telnet on the outside interface unless there is an
ipsec tunnel to the outside interface the telnet traffic would be secure
via the ipsec tunnel.

Later.

Christopher M. Heffner, CCIE 8211, CCSI 98760

Strategic Network Solutions, Inc.

________________________________

From: john matijevic [mailto:john.matijevic@gmail.com]
Sent: Sunday, August 21, 2005 7:43 PM
To: Christopher M. Heffner
Cc: muath_thebest@hotmail.com; ccielab@groupstudy.com
Subject: Re: how to enable telnet on the outside interface for PIX

Hello,

Why would you want to enable telnet on the outside interface of the pix?
Telnet traffic is passed clear text and not very secure. I would
recommend setting up secure shell for the outside interface.

Sincerely,

John

On 8/21/05, Christopher M. Heffner <cheffner@certified-labs.com> wrote:

In order to allow telnet to the outside interface you must first
explicitly enable telnet on the outside interface.

telnet x.x.x.x outside

Second you must be running the outside interface in a secure mode with
IPSec to permit telnet traffic to the outside interface.

Here is the syntax description from the 6.3 command reference guide.

========================================================================
====

If IPSec is operating, PIX Firewall lets you specify an unsecure
interface name, typically, the outside interface. At a minimum, the
crypto map command must be configured to specify an interface name with
the telnet command.

========================================================================
====

HTH.

Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
VP of Internetworking Technologies

www.certified-labs.com

"Complete CCIE R&S and Security Online Rack Rentals"

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
muath_thebest@hotmail.com
Sent: Sunday, August 21, 2005 9:43 AM
To: ccielab@groupstudy.com
Subject: how to enable telnet on the outside interface for PIX

HI,
Can any body send me the part of configuration needed to make someone on
the outside be able to do telnet on outside interface of pixfirewall.
I already enabled the telent on the inside and DMZ interfaces. but I do
not know how I can enable it for outside.

• Next message: Scott Morris: "RE: Routing updates through a firewall"
• Previous message: Brant I. Stevens: "Re: Routing updates through a firewall"
• Maybe in reply to: muath_thebest@hotmail.com: "how to enable telnet on the outside interface for PIX"
• Next in thread: Thomas: "Re: how to enable telnet on the outside interface for PIX"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3