Telnet on a router

Forum on network security, firewall configuration, setting up protections against attacks, DMZs, intrusion-prevention systems ...

Moderator: modos Ixus

Post by klere » 12 Feb 2004 12:50

Hello,
I have a small practical problem: I would like to administer a firewall router via Telnet, but at the moment I am unable to do so ....
What is the command that allows Telnet access?

Thanks for your reply
See you

Post by tomtom » 12 Feb 2004 12:55

Don't you think it might help to know the router model? (at least the brand ;) )..

T.
One hundred thousand lemmings can't be wrong...

Post by klere » 12 Feb 2004 12:57

Ah yes, sorry .... the brand is Cisco but I don't know the model

Post by tomtom » 12 Feb 2004 13:09

    enable
    # conf t
    # line vty 0 4
    # login
    # password mon_pass

t.
One hundred thousand lemmings can't be wrong...

Post by klere » 12 Feb 2004 13:13

Thanks, I'll try it

Post by klere » 12 Feb 2004 15:32

The command doesn't work, I don't have the option of using the line command.

One additional piece of information:
the router is a Cisco PIX 515 E

Thanks

Post by tomtom » 12 Feb 2004 19:46

Argh, a PIX.. That's not a router :)

I'm looking at the docs, I'll keep you posted...

t.
One hundred thousand lemmings can't be wrong...

Post by tomtom » 12 Feb 2004 19:54

telnet

Specify the host for PIX Firewall console access via Telnet.

    telnet ip_address [netmask] [if_name]
    clear telnet [ip_address [netmask] [if_name]]
    no telnet [ip_address [netmask] [if_name]]
    telnet timeout minutes
    show telnet
    show telnet timeout

Syntax Description

if_name
If IPSec is operating, PIX Firewall lets you specify an unsecure interface name, typically, the outside interface. At a minimum, the crypto map command must be configured to specify an interface name with the telnet command.

ip_address
An IP address of a host or network that can access a PIX Firewall Telnet management session. If an interface name is not specified, the address is assumed to be on an internal interface. PIX Firewall automatically verifies the IP address against the IP addresses specified by the ip address commands to ensure that the address you specify is on an internal interface. If an interface name is specified, PIX Firewall only checks the host against the interface you specify.

netmask
Bit mask of ip_address. To limit access to a single IP address, use 255 in each octet; for example, 255.255.255.255. If you do not specify netmask, it defaults to 255.255.255.255 regardless of the class of local_ip. Do not use the subnetwork mask of the internal network. The netmask is only a bit mask for the IP address in ip_address.

timeout minutes
The number of minutes that a Telnet session can be idle before being closed by PIX Firewall. The default is 5 minutes. The range is 1 to 60 minutes.

Command Modes

Configuration mode.

Usage Guidelines

The telnet command lets you specify which hosts can access the PIX Firewall console with Telnet. You can enable Telnet to the PIX Firewall on all interfaces. However, the PIX Firewall enforces that all Telnet traffic to the outside interface be IPSec protected. Therefore, to enable Telnet session to the outside interface, configure IPSec on the outside interface to include IP traffic generated by the PIX Firewall and enable Telnet on the outside interface.

A maximum of five (5) active Telnet management sessions to the PIX Firewall are allowed at the same time. The show telnet command displays the current list of IP addresses authorized to Telnet to the PIX Firewall. Use the no telnet or clear telnet command to remove Telnet access from a previously set IP address. Use the telnet timeout feature to set the maximum time a console Telnet session can be idle before being logged off by PIX Firewall. The clear telnet command does not affect the telnet timeout command duration. The no telnet command cannot be used with the telnet timeout command.

Use the passwd command to set a password for Telnet access to the console. The default is cisco. Use the who command to view which IP addresses are currently accessing the PIX Firewall console. Use the kill command to terminate an active Telnet management session.

If the aaa command is used with the console option, Telnet management access must be authenticated with an authentication server.

Note: If you have configured the aaa command to require authentication for PIX Firewall Telnet management access and the console login request times out, you can gain access to the PIX Firewall from the serial console by entering the pix username and the password that was set with the enable password command.

Usage Notes

1. If you do not specify the interface name, the telnet command adds command statements to the configuration to let the host or network access the Telnet management session from all internal interfaces.

When you use the show telnet command, this assumption may not seem to make sense. For example, if you enter the following command without a netmask or interface name.

    telnet 192.168.1.1

If you then use the show telnet command, you see that not just one command statement is specified, but all internal interfaces are represented with a command statement:

    show telnet
    192.168.1.1 255.255.255.255 inside
    192.168.1.1 255.255.255.255 intf2
    192.168.1.1 255.255.255.255 intf3

The purpose of the show telnet command is that, were it possible, the 192.168.1.1 host could access the Telnet management session from any of these internal interfaces. An additional facet of this behavior is that you must delete each of these command statements individually with the following commands.

    no telnet 192.168.1.1 255.255.255.255 inside
    no telnet 192.168.1.1 255.255.255.255 intf2
    no telnet 192.168.1.1 255.255.255.255 intf3

2. To access the PIX Firewall with Telnet from the intf2 perimeter interface, use the following command:

    telnet 192.168.1.1 255.255.255.255 int2

3. The default password to access the PIX Firewall console via Telnet is cisco.

4. Some Telnet applications such as the Windows 95 or Windows NT Telnet sessions may not support access to the PIX Firewall unit's command history feature via the arrow keys. However, you can access the last entered command by pressing Ctrl-P.

5. The telnet timeout command affects the next session started but not the current session.

6. If you connect a computer directly to the inside interface of the PIX Firewall with Ethernet to test Telnet access, you must use a cross-over cable and the computer must have an IP address on the same subnet as the inside interface. The computer must also have its default route set to be the inside interface of the PIX Firewall.

7. If you need to access the PIX Firewall console from outside the PIX Firewall, you can use a static and access-list command pair to permit a Telnet session to a Telnet server on the inside interface, and then from the server to the PIX Firewall. In addition, you can attach the console port to a modem but this may add a security problem of its own. You can use the same terminal settings as for HyperTerminal, which is described in the Cisco PIX Firewall and VPN Configuration Guide.

If you have IPSec configured, you can access the PIX Firewall console with Telnet from outside the PIX Firewall. Once an IPSec tunnel is created from an outside host to the PIX Firewall, you can access the console from the outside host.

8. Output from the debug crypto ipsec, debug crypto isakmp, and debug ssh commands do not display in a Telnet or SSH console session. For information about the debug crypto ipsec and debug crypto isakmp commands, refer to the debug command page.

Examples

The following examples permit hosts 192.168.1.3 and 192.168.1.4 to access the PIX Firewall console via Telnet. In addition, all the hosts on the 192.168.2.0 network are given access:

    telnet 192.168.1.3 255.255.255.255 inside
    telnet 192.168.1.4 255.255.255.255 inside
    telnet 192.168.2.0 255.255.255.0 inside
    show telnet
    192.168.1.3 255.255.255.255 inside
    192.168.1.4 255.255.255.255 inside
    192.168.2.0 255.255.255.0 inside

You can remove individual entries with the no telnet command or all telnet command statements with the clear telnet command:

    no telnet 192.168.1.3 255.255.255.255 inside
    show telnet
    192.168.1.4 255.255.255.255 inside
    192.168.2.0 255.255.255.0 inside
    clear telnet
    show telnet

You can change the maximum session idle duration as follows:

    telnet timeout 10
    show telnet timeout
    telnet timeout 10 minutes

An example Telnet login session appears as follows (the password does not display when entered):

    PIX passwd: cisco

    Welcome to the PIX Firewall

    Type help or `?' for a list of available commands.
    pixfirewall>

Related Commands

 * aaa accounting
 * kill
 * password
 * who

[for info]
The Cisco site is quite well stocked with documentation.. You should remember to use it!!!
[/info]

T.
One hundred thousand lemmings can't be wrong...
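
Added example (not part of tomtom's post or of Cisco's documentation): a small Python audit of PIX `telnet` statements that applies the defaults quoted above (netmask 255.255.255.255, 5-minute timeout, no `if_name` meaning all internal interfaces) and flags entries worth reviewing. The sample statements and the 10-minute `max_idle` threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample of PIX "telnet" statements (not taken from a real device).
SAMPLE = """\
telnet 192.168.1.3 255.255.255.255 inside
telnet 192.168.1.4
telnet 192.168.1.7 255.255.255.0 inside
telnet 192.168.2.0 255.255.255.0 inside
telnet 10.1.1.1 255.255.255.255 outside
telnet timeout 60
"""

def parse_telnet(config):
    """Return ([(ip, network, if_name_or_None)], idle_timeout_minutes)."""
    entries, timeout = [], 5              # documented default: 5 minutes
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "telnet":
            continue
        if tok[1] == "timeout":
            timeout = int(tok[2])
            continue
        args, mask = tok[2:], "255.255.255.255"   # documented default netmask
        if args and "." in args[0]:               # optional netmask present
            mask = args.pop(0)
        net = ipaddress.ip_network(f"{tok[1]}/{mask}", strict=False)
        entries.append((ipaddress.ip_address(tok[1]), net, args[0] if args else None))
    return entries, timeout

def audit(config, max_idle=10):
    """Return (target, issue) pairs; max_idle is an assumed local policy."""
    entries, timeout = parse_telnet(config)
    findings = []
    for ip, net, ifname in entries:
        if ifname is None:
            findings.append((str(ip), "no if_name: applies to all internal interfaces"))
        elif ifname == "outside":
            findings.append((str(ip), "outside: Telnet there must be IPSec protected"))
        if net.prefixlen < 32 and ip != net.network_address:
            findings.append((str(ip), f"host address with network mask, covers {net}"))
        elif net.prefixlen < 32:
            findings.append((str(ip), f"network entry, {net.num_addresses} addresses"))
    if timeout > max_idle:
        findings.append(("timeout", f"idle timeout {timeout} min exceeds {max_idle}"))
    return findings

if __name__ == "__main__":
    for target, issue in audit(SAMPLE):
        print(f"{target:>12}  {issue}")
```

The third sample line pairs a host address with the subnet mask of the internal network, the combination the netmask description above says not to use.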

Post by ldidier » 12 Feb 2004 20:13

Another idea: use the web admin interface that is on the Cisco CD. As for Telnet, it's frankly not a good idea on a FW. I seemed to recall there was an SSH implementation on the PIX, am I wrong?

Moreover, if you are tackling the subject of the PIX, it requires, like any FW, knowing the minimum in terms of networking and security.
Nothing great in the world has been accomplished without passion.
A.ENGEL