Managing System Access; Allowing Telnet Access - Cisco PIX 500 Series Configuration Manual

Managing System Access

This chapter describes how to access the security appliance for system management through Telnet,
SSH, and HTTPS (using ASDM). It also describes how to authenticate and authorize users and how to
create login banners.
This chapter includes the following sections:
•
•
•
•
•
•
Note To access the security appliance interface for management access, you do not also need an access list
allowing the host IP address. You only need to configure management access according to the sections
in this chapter.

Allowing Telnet Access

The security appliance allows Telnet connections to the security appliance for management purposes.
You cannot use Telnet to the lowest security interface unless you use Telnet inside an IPSec tunnel.
The security appliance allows a maximum of 5 concurrent Telnet connections per context, if available,
with a maximum of 100 connections divided between all contexts.
To configure Telnet access to the security appliance, follow these steps:
To identify the IP addresses from which the security appliance accepts connections, enter the following
Step 1
command for each address or subnet:
hostname(config)# telnet source_IP_address mask source_interface
If there is only one interface, you can configure Telnet to access that interface as long as the interface
has a security level of 100.
(Optional) To set the duration for how long a Telnet session can be idle before the security appliance
Step 2
disconnects the session, enter the following command:
OL-12172-03
Allowing Telnet Access, page 40-1
Allowing SSH Access, page 40-2
Allowing HTTPS Access for ASDM, page 40-3
Managing the Security Appliance on a Different Interface from the VPN Tunnel Termination
Interface, page 40-5
Configuring AAA for System Administrators, page 40-5
Configuring a Login Banner, page 40-19
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
40
40-1