Vahik
asked on
Trying to understand TELNET command
telnet 0 0 inside
telnet 192.168.3.0 255.255.255.0
telnet 192.168.3.25 255.255.255.255
the first command will allow telnet from any host...the second command will allow telnet
from that subnet....the third command will allow telnet only from that specific host from inside my network...
Am i correct in my assumption?
Now what command will enable (allow) telnet to PIX's outside interface (i understand it is not the ideal setup)? let's assume public ip for outside interface is 200.200.200.201
If i have an exchange server inside firewall and for troubleshooting i had to allow telnet
into Exchange server do i need to configure ACL and Static for the exchange ip address?
I need to learn pix like it was yesterday and will have to ask a few questions so i will keep
them simple. I appreciate your help.
ASKER
decoleur thanks for your response. If i understand you correctly by mentioning INSIDE,DMZ
or MANAGEMENT we are specifying the direction that TELNET is coming from and has
nothing to do with INSIDE or OUTSIDE interfaces....and if you omit interface_name
TELNET will be allowed to PIX from anywhere inside your network..
Now the reason i asked for clarification regarding TELNET to PIX's OUTSIDE interface from outside was i read that it was not possible to TELNET in to your PIX's outside interface from outside??? and if so how can i TELNET in to my Exchange server if i only had one static ip assigned to me by my ISP??? even if i were to use ACL...
i am confused but i hope i do not confuse you...
SOLUTION
Ps - as per decoleur - avoid conduits....no longer supported after 6.3(4)
ASKER
Thanks folks ...appreciate your help.
telnet 0 0 inside
telnet 192.168.3.0 255.255.255.0
telnet 192.168.3.25 255.255.255.255
the first command will allow telnet from any host...the second command will allow telnet
from that subnet....the third command will allow telnet only from that specific host from inside my network...
Am i correct in my assumption?
No you almost got one out of three
the format should be:
command IP mask interface
for any inside try:
telnet 0.0.0.0 0.0.0.0 inside
from http://www.netcraftsmen.net/welcher/papers/pix02.html
If you wish to allow telnet to the PIX, you need to configure which hosts are allowed in. To allow a single host to telnet in via the inside interface:
telnet 10.1.1.100 255.255.255.255 inside
To allow any station on subnet 10.1.1.0 /24 to telnet in via the inside interface:
telnet 10.1.1.0 255.255.255.0 inside
If you have a host on the management segment that is allowed to telnet to the PIX, you might also want:
telnet 10.2.2.100 255.255.255.255 management
If you have a device that you want to telnet into your outside interface that had the IP address 12.200.100.3, you might try:
telnet 12.200.100.3 255.255.255.255 outside
To allow someone to telnet to your Exchange server you just need to open up an ACL on the public IP that is translated to your Exchange server. There are many ways that you can configure this; you should look at the sample config for setting up a single network from: http://www.cisco.com/warp/public/110/single-net.shtml and add telnet to the ACL:
access-list 100 permit tcp any host 204.69.198.4 eq telnet
also check out the pix configuration examples at cisco: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
HTH
-t
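Added example, not part of any post in this thread and not Cisco tooling: a small Python audit that reads PIX-style configuration text and flags the telnet exposures discussed above (any-source management access, a missing interface name, telnet on the outside interface, and an ACL permitting telnet from any source). The sample config is constructed from the commands quoted in the thread; the function names and finding labels are hypothetical.

```python
import ipaddress

# Constructed sample, assembled from the commands quoted in this thread.
SAMPLE_CONFIG = """\
telnet 0 0 inside
telnet 192.168.3.0 255.255.255.0
telnet 192.168.3.25 255.255.255.255 inside
telnet 12.200.100.3 255.255.255.255. outside
telnet 10.2.2.100 255.255.255.255 management
access-list 100 permit tcp any host 204.69.198.4 eq telnet
"""

# Hypothetical finding labels used by this example only.
MALFORMED = "malformed address or mask"
NO_IFACE = "no interface named (thread's format: command IP mask interface)"
ANY_SOURCE = "management telnet open to any source address"
OUTSIDE = "cleartext telnet management on the outside interface"
ACL_ANY = "ACL permits telnet from any source"

def _network(addr, mask):
    """Parse address and mask, expanding the shorthand 0; None if invalid."""
    addr, mask = ("0.0.0.0" if x == "0" else x for x in (addr, mask))
    try:
        return ipaddress.IPv4Network(f"{addr}/{mask}")
    except ValueError:
        return None

def audit(config):
    """Return (line_number, finding) pairs for telnet exposure in the text."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "telnet" and tok[1] != "timeout":
            net = _network(tok[1], tok[2])
            iface = tok[3] if len(tok) > 3 else None
            if net is None:
                findings.append((n, MALFORMED))
                continue
            if iface is None:
                findings.append((n, NO_IFACE))
            if net.prefixlen == 0:
                findings.append((n, ANY_SOURCE))
            if iface == "outside":
                findings.append((n, OUTSIDE))
        elif tok[:1] == ["access-list"] and tok[-2:] == ["eq", "telnet"]:
            if "permit" in tok and tok[tok.index("permit") + 2] == "any":
                findings.append((n, ACL_ANY))
    return findings
```

Call `audit()` on the text of a saved configuration; each returned pair gives the line number and the reason that line deserves review.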