Solved

Allow Telnet from different subnets Cisco 501 PIX

Posted on 2008-06-13
3
553 Views
Last Modified: 2011-10-03
We have a Cisco 501 PIX at a remote branch that is connected to the main office via VPN.  How do you configure the PIX so that I can telnet into it from the main office LAN.  The remote office is on a 192.168.2.0 subnet and the main office is on a 192.168.1.0 subnet.  They are at different physical locations with different public addresses. Do I have to allow the public address of the main office through on the PIX of the remote office or can it be done "internally" via the subnets.
0
Comment
Question by:kennedy2008
  • 3
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
Comment Utility
>>How do you configure the PIX so that I can telnet into it from the main office LAN

Dont do it that way - use SSH its quicker easier and more secure

Allow SSH to PIX / ASA

First allow an IP address (Or network)

eg

ciscoasa(config)#ssh 217.22.146.123 255.255.255.255 outside

or

ciscoasa(config)#ssh 217.22.146.0 255.255.255.0 outside

or

ciscoasa(config)#ssh 192.168.1.1 255.255.255.255 inside

or

ciscoasa(config)#ssh 192.168.1.0 255.255.255.0 inside


Then (Only do this once) Create an RSA key on the Firewall

ciscoasa(config)# crypto key generate rsa
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...
Ciscoasa(config)#

Load an SSH Client on your PC e.g. PuTTy http://www.putty.nl/

Under "HostName (or IP Address) enter the Firewalls details
Tick SSH
Select Open
Note: You can give the connection and Save it for use again.

The first time is connects it will give you a warning about
trusting the other end accept it.

The username is pix
The Password is the Firewalls telent password

Note: The telnet password is set to cisco by default change it
using the passwd command

ciscoasa(config)#passwd newpassword.

Note if there is a problem with the keys, they might have corrupted. To repair


On PIX (v6)

ca zeroize rsa
ca gen rsa key 1024
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
if the traffic is vpn protected you should be able to get telnet access down the tunnle if you have this command in the config

management-access inside
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
ThanQ
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now