PIX Security Appliance Management
Managing Telnet access

The serial console permits a single user to configure the PIX Security Appliance, but often this is not convenient for a site with more than one administrator. By configuring console access using Telnet, a maximum of 5 concurrent Telnet connections per context can be allowed, if available, with a maximum of 100 connections divided between all contexts.

Telnet to the PIX Security Appliance can be enabled on all interfaces. However, the PIX requires that all Telnet traffic to the outside interface be IPSec protected. To enable a Telnet session to the outside interface, configure IPSec on the outside interface to include IP traffic generated by the PIX, and enable Telnet on the outside interface.

The following are the Telnet configuration commands:

  • telnet – Specifies which hosts can access the PIX Security Appliance console using Telnet. Up to 16 hosts or networks can be specified.
  • telnet timeout – Sets the maximum time a console Telnet session can be idle before being logged off by the PIX Security Appliance. The default is five minutes.
  • passwd – Sets the password for Telnet access to the PIX Security Appliance. The default value is cisco.

In Figure , host 10.0.0.11 on the internal interface is allowed to access the PIX Security Appliance console using Telnet with the password telnetpass. If the Telnet session is idle more than fifteen minutes, the PIX closes it.
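The scenario above, written as the commands an administrator would type and run through a small audit, as an added example that is not part of the original course material. The argument order (address, netmask, interface name), the finding labels, and the `max_idle_min` policy value are assumptions of this sketch; the limits and defaults come from the text.

```python
import ipaddress

MAX_ENTRIES = 16          # text: up to 16 hosts or networks can be specified
DEFAULT_TIMEOUT_MIN = 5   # text: default idle timeout is five minutes
DEFAULT_PASSWD = "cisco"  # text: default Telnet password

# Constructed sample: commands as typed, matching the scenario in the text.
SAMPLE_GOOD = """\
telnet 10.0.0.11 255.255.255.255 inside
telnet timeout 15
passwd telnetpass
"""

# Constructed sample with weak settings (no passwd, any host, outside interface).
SAMPLE_WEAK = """\
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.0.2.10 255.255.255.255 outside
"""

def audit_telnet(config, max_idle_min=15):
    """Return (findings, summary) for the Telnet-related commands in config.
    max_idle_min is a site policy value (assumption), not a PIX limit."""
    entries, timeout, passwd, findings = [], DEFAULT_TIMEOUT_MIN, DEFAULT_PASSWD, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["telnet", "timeout"] and len(tok) == 3:
            timeout = int(tok[2])
        elif tok[:1] == ["telnet"] and len(tok) == 4:
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            entries.append((net, tok[3]))
        elif tok[:1] == ["passwd"] and len(tok) >= 2:
            passwd = tok[1]
    if passwd == DEFAULT_PASSWD:          # unset or explicitly left at the default
        findings.append("default-password")
    if timeout > max_idle_min:
        findings.append("idle-timeout-too-long")
    if len(entries) > MAX_ENTRIES:
        findings.append("too-many-entries")
    for net, ifname in entries:
        if net.prefixlen == 0:            # 0.0.0.0 0.0.0.0 admits every source address
            findings.append(f"any-host-allowed:{ifname}")
        if ifname == "outside":           # text: outside Telnet must be IPSec protected
            findings.append(f"outside-needs-ipsec:{net}")
    return findings, {"entries": len(entries), "timeout": timeout}

if __name__ == "__main__":
    for name, cfg in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(name, audit_telnet(cfg))
```

The audit reads commands as typed, so it will not recognise the encrypted password form shown in a saved configuration.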

The following commands enable the administrator to view and clear Telnet configuration and Telnet sessions:

  • show running-config telnet – Displays the current list of IP addresses authorized to access the PIX Security Appliance using Telnet. This command can also be used to display the number of minutes that a Telnet session can remain idle before being closed by the PIX.
  • clear configure telnet – Removes the Telnet connection and the idle timeout from the configuration.
  • who – Enables the administrator to view the IP addresses that are currently accessing the PIX Security Appliance console using Telnet.
  • kill – Terminates a Telnet session. When a Telnet session is killed, the PIX Security Appliance lets any active commands terminate and then drops the connection without warning the user.

Lab Activity

e-Lab Activity: The PIX Security Appliance telnet Command

In this activity, the student will demonstrate how to use the telnet command.
