Configure PIX firewall to accept telnet

By Basir_Noutash
Hi, can someone tell me how I can configure a Cisco PIX 501 firewall to accept telnet questions? I am using PDM from Internet Explorer to configure it.
My second question is why the product's default configuration does not allow the inside workstations to access the outside (internet) or the router. Do I need to do a specific thing on it?
Thanks in advance

by mshavrov In reply to Configure PIX firewall to ...

The PIX firewall should be configured with a list of IP addresses that can "telnet" or "http" into it. Look in PDM in the "Configuration" tab. For security reasons it's advisable to put just individual IP addresses instead of network ranges.

Second, the default configuration allows all "inside" computers to access everything behind the "outside" interface, unless specifically denied. If you are unable to do it, you should carefully follow all steps for initial configuration, to configure the NAT translation process. I believe PDM has something like an "initial setup wizard", which allows you to do a fully working configuration in 2-3 minutes (if you have your homework done :-).

If you have more questions or details, just email me.

Good luck,

Michael Shavrov
CCNP, CCDP, CCSP, CSS1, MCSE W2K, MCSE+I, Security+, ...

by cw In reply to Configure PIX firewall to ...

To configure telnet from the inside, do the following from a console connection to the PIX. (Stay away from the PDM; the command line is best.)

From privileged mode you will enter global configuration mode by typing the following.
We will assume the inside interface is on the 10.10.10.0/24 network.

PIX# configure terminal
PIX(config)#

The command for telnet access is

PIX(config)# telnet 10.10.10.0 255.255.255.0 inside

Additionally you will need to set the password for telnetting to the PIX. You do this with the PASSWD command.

PIX(config)# PASSWD yourpassword

Question 2. The PIX out of the box is not configured to pass traffic. Once you have set the internal and external addresses, activated the interfaces (administratively down by default) and configured a default route, you activate NAT or PAT.

There are several configurations you can use: static one-to-one NAT translations, global NAT pools and PAT. For the purposes of this explanation we will use PAT. A private address is in my example, but your assigned registered IP address that you want your clients to use would be substituted here.

PIX(config)# global (outside) 1 10.10.10.5

10.10.10.5 (your registered IP here) would be Port Address Translated for your inside hosts. Alternatively, if you had only one IP address and were running PIX IOS 6.2 or above, you could use this command.

PIX(config)# global (outside) 1 interface

This would cause the IP address assigned to your outside interface to provide a PAT address for your clients.

Almost done. Now you must specify your inside hosts to use NAT when surfing the web. This is accomplished with the NAT (inside) command.

PIX(config)# nat (inside) 1 0 0

This will allow all inside hosts to surf the web.

Hope this helped

Chris Weber CCDP
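
The following Python sketch is an added example, not code from either poster. It audits saved PIX configuration text for the two points raised in the replies above: management access (`telnet`/`http`) granted to a network range rather than individual hosts, and a `nat` ID with no matching `global` statement. The function name `audit`, the finding labels and the host 10.10.10.20 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample, assembled from the commands quoted in the thread.
SAMPLE_CONFIG = """\
telnet 10.10.10.0 255.255.255.0 inside
passwd yourpassword
global (outside) 1 interface
nat (inside) 1 0 0
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
MGMT_RE = re.compile(rf"^(telnet|http)\s+{QUAD}\s+{QUAD}\s+(\S+)$")
NAT_RE = re.compile(r"^nat\s+\((\S+)\)\s+(\d+)\s")
GLOBAL_RE = re.compile(r"^global\s+\((\S+)\)\s+(\d+)\s")


def audit(config):
    """Return a list of (check, detail) findings for PIX config text."""
    findings, nat_ids, global_ids = [], set(), set()
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = MGMT_RE.match(line)
        if m:
            proto, addr, mask, ifname = m.groups()
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                findings.append(("bad-mask", line))
                continue
            # More than one address means a range, not an individual host.
            if net.num_addresses > 1:
                findings.append(("mgmt-range",
                                 f"{proto} on {ifname} allows {net} "
                                 f"({net.num_addresses} addresses)"))
        elif (m := NAT_RE.match(line)) and m.group(2) != "0":
            nat_ids.add(m.group(2))  # nat id 0 means no translation
        elif m := GLOBAL_RE.match(line):
            global_ids.add(m.group(2))
    # Each nat ID needs a global statement with the same ID to translate to.
    for nat_id in sorted(nat_ids - global_ids):
        findings.append(("nat-no-global",
                         f"nat id {nat_id} has no global statement"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```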
