Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Discussions
Off Topic
Pix Issue
mattrgee
Hi all,
I've had some changes made to our pix, but things aren't working as expected.
We have a VPN device in our dmz with 3 acls that allow: ssh, http and https. There is also a static nat entry between the public ip and the dmz address.
I would normally post the config but I would loose my job if I did!
Anyway, a telnet session to the public ip takes you to what looks like the pix! Has a common mistake been made? Our pix is managed by a third party so not in a position to work with it directly , however I do have a copy of the config.
Thanks.
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
networker050184
What is the problem? That you get a prompt when telneting to the public IP? If you want telnet disabled just ask the company that manages the box if you don't have rights to change anything.
If you have other issues I don't think we will be able to help you much without a config or at least a lot more information.
mattrgee
No problem, its difficult to explain the entire problem as it is work related and most of the useful info can't be posted.
Thanks anyway.
tiersten
If you change the relevant IPs, keys and passwords then I don't see why posting the config would be bad.
Ahriakin
A Pix will not let you telnet to the outside interface without a VPN being made to it for this purpose, you would have to be on the far end of a VPN to it and Management Access would have to be set to a secure interface for this to work. Also can you clarify a bit, do you mean you have a separate VPN appliance in your DMZ and that the ACL entries are on the outside of the PIX to allow traffic to it, also is the public IP you mention separate to the PIX Pub IP itself or do you have Static PAT to redirect certain protocols from the PIX' interface IP to the VPN appliance?
Quickly you can do a SHOW NAMEIF and verify that the interface security levels are correct, SHOW TELNET to see what restrictions are in place for telnet'ing to the PIX itself on any interface (ACLs do not affect traffic to the PIX, only that which is passing through it)
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
