How to Add Telnet Console access to PIX Firewall

To configure or manage a PIX Firewall from multiple locations, we need to configure Telnet console access. On a PIX Firewall, the serial console lets a single user configure the device, but for a site with more than one administrator it is not convenient to have only one console through the serial interface. PIX Firewall lets you access the serial console via Telnet from hosts on any internal interface.

Furthermore, with IPSec configured, you can use Telnet to remotely administer the console of a PIX Firewall from the outside interface, which greatly eases remote configuration and management of the PIX Firewall.

Below are the steps to configure Telnet console access:

Step 1

Here, let's assume a host on the internal interface with the address 192.168.1.2 needs to access the PIX Firewall. The following PIX Firewall telnet command allows that host to open a Telnet session:

telnet 192.168.1.2 255.255.255.255 inside

If IPSec is enabled, a host on the outside interface can also access the PIX Firewall console by using:

telnet 209.165.200.225 255.255.255.224 outside

Step 2

For various reasons, it is often necessary to set how long a Telnet session can be idle before PIX Firewall disconnects the session. The default duration, 5 minutes, is too short in most cases and may be increased as follows:

telnet timeout 15

This example increases the timeout value to 15 minutes.

Step 3

For further security, you may want to protect access to the console with an authentication server. In this case you can use the aaa authentication telnet console command, which requires that you have a username and password on the authentication server.

Under this configuration, when you access the console, PIX Firewall prompts you for these login credentials.

Note: If the authentication server is offline, you can still access the console by using the username pix and the password set with the enable password command.

Step 4

Save the commands in the configuration using the command:

write memory
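
The following is an added example, not part of the original article: a small Python check that reads the Telnet-related lines configured in Steps 1 to 3 and reports which hosts may reach the console, on which interface, and whether an authentication server is required. The function name audit_telnet, its trusted_ifaces parameter and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample configuration, using the commands from the steps above.
SAMPLE_CONFIG = """\
telnet 192.168.1.2 255.255.255.255 inside
telnet 209.165.200.225 255.255.255.224 outside
telnet timeout 15
"""

TELNET_RE = re.compile(r"^telnet\s+(\S+)\s+(\S+)\s+(\S+)$")
TIMEOUT_RE = re.compile(r"^telnet\s+timeout\s+(\d+)$")
DEFAULT_TIMEOUT = 5  # minutes, the default stated in Step 2


def audit_telnet(config, trusted_ifaces=("inside",)):
    """Return (entries, findings) for the Telnet console settings in config."""
    entries, findings = [], []
    timeout, aaa = DEFAULT_TIMEOUT, False
    for line in (l.strip() for l in config.splitlines()):
        m = TIMEOUT_RE.match(line)
        if m:
            timeout = int(m.group(1))
            continue
        if line.startswith("aaa authentication telnet console"):
            aaa = True
            continue
        m = TELNET_RE.match(line)
        if not m:
            continue
        addr, mask, iface = m.groups()
        try:  # host bits may be set, as in the outside example, so strict=False
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable telnet entry: {line}")
            continue
        entries.append((str(net), iface))
        if net.num_addresses > 1:
            findings.append(f"{iface}: {net} admits {net.num_addresses} addresses, not one host")
        if iface not in trusted_ifaces:
            findings.append(f"{iface}: Telnet on a non-internal interface; confirm IPSec covers {net}")
    if timeout > DEFAULT_TIMEOUT:
        findings.append(f"idle timeout raised to {timeout} minutes (default {DEFAULT_TIMEOUT})")
    if entries and not aaa:
        findings.append("no 'aaa authentication telnet console': console relies on the shared passwd")
    return entries, findings

if __name__ == "__main__":
    print(*audit_telnet(SAMPLE_CONFIG)[1], sep="\n")
```

Run against the sample, it shows that the 255.255.255.224 mask in the outside example admits a 32-address block rather than a single host.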


Testing Telnet access:

After configuring Telnet console access, you can use the steps below to verify its functionality.

Step 1


From the host, start a Telnet session to a PIX Firewall interface IP address. For example, if the inside interface IP address of the PIX Firewall is 192.168.1.1, enter the following command:

telnet 192.168.1.1

Step 2

The PIX Firewall prompts you for a password:

PIX passwd:

Enter cisco and press the Enter key. You are then logged into the PIX Firewall.

Note: The default password is cisco, which you can change with the passwd command.

For testing purposes, you can enter any command on the Telnet console that you can set from the serial console, but if you reboot the PIX Firewall, you will need to log back into the PIX Firewall after it restarts.
