The serial console permits a single user to configure the PIX Security
Appliance, but often this is not convenient for a site with more than one
administrator. By configuring console access using Telnet, a maximum of 5
concurrent Telnet connections per context can be allowed, if available, with a
maximum of 100 connections divided between all contexts.

Telnet to the PIX Security Appliance can be enabled on all interfaces. However,
the PIX requires that all Telnet traffic to the outside interface be IPSec
protected. To enable a Telnet session to the outside interface, configure IPSec
on the outside interface to include IP traffic generated by the PIX, and enable
Telnet on the outside interface.

The following are the Telnet configuration commands:
- telnet – Specifies which hosts can access the PIX Security Appliance console
  using Telnet. Up to 16 hosts or networks can be specified.
- telnet timeout – Sets the maximum time a console Telnet session can be idle
  before being logged off by the PIX Security Appliance. The default is five
  minutes.
- passwd – Sets the password for Telnet access to the PIX Security Appliance.
  The default value is cisco.

In the figure, host 10.0.0.11 on the internal interface is allowed to access
the PIX Security Appliance console using Telnet with the password telnetpass.
If the Telnet session is idle more than fifteen minutes, the PIX closes it.

The following commands enable the administrator to view and clear Telnet
configuration and Telnet sessions:
- show running-config telnet – Displays the current list of IP addresses
  authorized to access the PIX Security Appliance using Telnet. This command
  can also be used to display the number of minutes that a Telnet session can
  remain idle before being closed by the PIX.
- clear configure telnet – Removes the Telnet connection and the idle timeout
  from the configuration.
- who – Enables the administrator to view the IP addresses that are currently
  accessing the PIX Security Appliance console using Telnet.
- kill – Terminates a Telnet session. When a Telnet session is killed, the PIX
  Security Appliance lets any active commands terminate and then drops the
  connection without warning the user.
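
The output of show running-config telnet can be reviewed automatically. The following is an added example, not part of the original page or of any Cisco tooling: it parses Telnet access lines and flags entries that conflict with the limits described above. The sample configuration is constructed, and the 15-minute timeout policy, the 256-address threshold and the interface name "outside" are assumptions.

```python
import ipaddress
import re

# Constructed sample of `show running-config telnet` output (not from the page).
SAMPLE_CONFIG = """\
telnet 10.0.0.11 255.255.255.255 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.1.0 255.255.255.0 outside
telnet timeout 60
"""

RULE = re.compile(r"^telnet\s+(\S+)\s+(\S+)\s+(\S+)$")
TIMEOUT = re.compile(r"^telnet\s+timeout\s+(\d+)$")
DEFAULT_TIMEOUT = 5  # minutes; the default stated in the text
MAX_ENTRIES = 16     # host/network limit stated in the text


def audit_telnet(config, max_timeout=15, max_hosts=256, outside="outside"):
    """Return (rules, timeout, findings); thresholds are assumed site policy."""
    rules, findings, timeout = [], [], DEFAULT_TIMEOUT
    for line in (raw.strip() for raw in config.splitlines()):
        m = TIMEOUT.match(line)
        if m:
            timeout = int(m.group(1))
            continue
        m = RULE.match(line)
        if not m:
            continue  # not a Telnet access line
        addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable rule: {line}")
            continue
        rules.append((net, ifname))
        if net.num_addresses > max_hosts:
            findings.append(f"{net} on {ifname}: source range too broad")
        if ifname == outside:
            findings.append(f"{net} on {ifname}: verify IPSec covers this Telnet traffic")
    if len(rules) > MAX_ENTRIES:
        findings.append(f"{len(rules)} entries exceed the limit of {MAX_ENTRIES}")
    if timeout > max_timeout:
        findings.append(f"idle timeout {timeout} min exceeds policy ({max_timeout} min)")
    return rules, timeout, findings


if __name__ == "__main__":
    for finding in audit_telnet(SAMPLE_CONFIG)[2]:
        print("FINDING:", finding)
```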