
506e Allow telnet into PIX from outside/internet

18 years 10 months ago #10925 by Bublitz
I want to be able to administer a PIX remotely with telnet.
So I did the following.

access-list outside_int permit tcp any host 66.36.45.128 eq telnet

and

access-group outside_int in interface outside

This doesn't work.

Fixup protocol doesn't list telnet, BUT when I specify port 23 it puts telnet in there. When I try to add fixup protocol telnet 23, it says "bad protocol".

Any ideas?

The Bublitz
Systems Admin
Hospice of the Red River Valley
18 years 10 months ago #10934 by pp1dt
Remove the access-list

telnet <outside interface ip address> outside

# Use show telnet to verify the entry. It is better to use ssh instead of telnet.

Let us know whether it works.
18 years 10 months ago #10950 by georgejason
Hi,
Also follow this if it would be of any use to you.

I have the same problem, but I'm trying to use ssh instead of telnet.

www.firewall.cx/ftopict-2231.html

Begin at the beginning and end at the end.
18 years 10 months ago #10969 by kvgopi
Hi,

From the internal network you can use telnet (a telnet session is a clear-text transmission). From the outside network you can't use telnet to manage the device at all; the only possible way is to use SSH, otherwise you can't manage the PIX from the external network.

Do the following set of commands:

ssh <foreign_ip> <mask> outside
ca generate rsa key 512

I hope this will solve your problem...

:D
18 years 10 months ago #10976 by georgejason
Yup,
What Gopi says is absolutely right. ;-)
You should try ssh instead of telnet. Otherwise what's the point of having such a secure device when you can easily compromise it from the outside by using clear-text telnet?

Begin at the beginning and end at the end.
18 years 10 months ago #10981 by DaLight
Definitely, your PIX is capable of being administered by ssh. You need to use it!! It requires a couple more steps, but it's far more secure.
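
The SSH setup the replies above point to, written out as an added example for PIX 6.x; it is not part of the original thread. The hostname, domain name, management address 203.0.113.10, the 1024-bit modulus and the password placeholder are assumptions chosen for illustration.

```cisco
: Added example with placeholder values, not from the original posts.
: Remove the ACL entry from the first post. ACLs bound with access-group
: filter traffic passing through the PIX, not management sessions to it.
no access-list outside_int permit tcp any host 66.36.45.128 eq telnet

: The RSA key pair is labelled from hostname and domain-name, so set both first.
hostname pixfw
domain-name example.com

: Generate the key pair and store it in flash so it survives a reload.
ca generate rsa key 1024
ca save all

: Allow SSH to the outside interface from one management host only,
: rather than from any source address.
ssh 203.0.113.10 255.255.255.255 outside

: Drop idle SSH sessions after 5 minutes.
ssh timeout 5

: SSH logins use the telnet password when no AAA server is configured.
passwd <strong-password-placeholder>

: Verify the key and the list of hosts allowed to connect.
show ca mypubkey rsa
show ssh
```

On PIX 6.x without AAA authentication, the SSH login uses the username pix together with the password set by passwd.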