Allow Telnet from different subnets Cisco 501 PIX

We have a Cisco 501 PIX at a remote branch that is connected to the main office via VPN.  How do you configure the PIX so that I can telnet into it from the main office LAN.  The remote office is on a 192.168.2.0 subnet and the main office is on a 192.168.1.0 subnet.  They are at different physical locations with different public addresses. Do I have to allow the public address of the main office through on the PIX of the remote office or can it be done "internally" via the subnets.
kennedy2008Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
>>How do you configure the PIX so that I can telnet into it from the main office LAN

Dont do it that way - use SSH its quicker easier and more secure

Allow SSH to PIX / ASA

First allow an IP address (Or network)

eg

ciscoasa(config)#ssh 217.22.146.123 255.255.255.255 outside

or

ciscoasa(config)#ssh 217.22.146.0 255.255.255.0 outside

or

ciscoasa(config)#ssh 192.168.1.1 255.255.255.255 inside

or

ciscoasa(config)#ssh 192.168.1.0 255.255.255.0 inside


Then (Only do this once) Create an RSA key on the Firewall

ciscoasa(config)# crypto key generate rsa
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...
Ciscoasa(config)#

Load an SSH Client on your PC e.g. PuTTy http://www.putty.nl/

Under "HostName (or IP Address) enter the Firewalls details
Tick SSH
Select Open
Note: You can give the connection and Save it for use again.

The first time is connects it will give you a warning about
trusting the other end accept it.

The username is pix
The Password is the Firewalls telent password

Note: The telnet password is set to cisco by default change it
using the passwd command

ciscoasa(config)#passwd newpassword.

Note if there is a problem with the keys, they might have corrupted. To repair


On PIX (v6)

ca zeroize rsa
ca gen rsa key 1024
0
 
Pete LongTechnical ConsultantCommented:
if the traffic is vpn protected you should be able to get telnet access down the tunnle if you have this command in the config

management-access inside
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
All Courses

From novice to tech pro — start learning today.