Allowing SSH; Chapter 11 Allowing Remote Management - Cisco Catalyst 6500 Series Configuration Manual
To configure Telnet access to the FWSM, follow these steps:

Step 1 To identify the IP addresses from which the FWSM accepts connections, enter the following command for each address or subnet:

FWSM/contexta(config)# telnet source_IP_address mask source_interface

The source_interface cannot be the lowest security interface unless you use Telnet inside an IPSec tunnel (see the "Allowing a VPN Management Connection" section on page 11-5). For example, you must configure at least two interfaces so the FWSM can determine the lowest security interface. If you configure a single interface (for the admin context, for example), then that interface is both the highest and the lowest security interface and cannot be used. Similarly, if all interfaces are on the same security level, you cannot use Telnet.

Step 2 (Optional) To set the duration for how long a Telnet session can be idle before the FWSM disconnects the session, enter the following command:

FWSM/contexta(config)# telnet timeout minutes

Set the timeout from 1 to 1440 minutes. The default is 5 minutes. The default duration is too short in most cases and should be increased until all pre-production testing and troubleshooting have been completed.

For example, to let a host on the inside interface with an address of 192.168.1.2 access the FWSM, enter the following commands:

FWSM/contexta(config)# telnet 192.168.1.2 255.255.255.255 inside
FWSM/contexta(config)# telnet timeout 30

To allow all users on the 192.168.3.0 network to access the FWSM on the inside interface, enter the following command:

FWSM/contexta(config)# telnet 192.168.3.0 255.255.255.0 inside

Allowing SSH

The FWSM allows SSH connections to the FWSM for management purposes. You can control the number of SSH sessions allowed per context using resource classes (see the "Configuring a Class" section on page 5-14). The FWSM allows a maximum of 5 concurrent SSH connections per context, if available, with a maximum of 100 connections divided between all contexts. See the "Rule Limits" section on page A-5 for information about the maximum number of SSH rules allowed for the entire system.

SSH is an application running on top of a reliable transport layer, such as TCP/IP, that provides strong authentication and encryption capabilities. The FWSM supports the SSH remote shell functionality provided in SSH Version 1 and supports DES and 3DES ciphers.

Note SSH v1.x and v2 are entirely different protocols and are not compatible. Make sure that you download a client that supports SSH v1.x.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, Chapter 11 Allowing Remote Management, page 11-2
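The Telnet procedure above has rules that are easy to get wrong in a large running configuration: the source interface must not be the lowest security interface unless the session runs inside an IPSec tunnel, Telnet needs at least two interfaces at different security levels, and the timeout must lie between 1 and 1440 minutes. The following audit script is an added example, not Cisco's code and not part of the configuration guide; it parses `telnet source mask interface` and `telnet timeout` statements from a constructed sample configuration and reports violations of those rules. The interface security levels, the sample lines and the `vpn_tunnel_interfaces` parameter are assumptions made for the example, and the check for a mask that admits every source address is a reviewer's caveat rather than a rule stated in the chapter.

```python
"""Audit the Telnet access statements in an FWSM running configuration.

Added example, not Cisco's code and not from the configuration guide.
Checks the constraints the chapter states for `telnet` commands plus one
extra caveat (a mask that admits any source). The security levels and
config lines below are constructed sample input.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed: interface name -> security level (hypothetical values).
SAMPLE_SECURITY_LEVELS = {"inside": 100, "dmz": 50, "outside": 0}

# Constructed sample config lines using the 'telnet source mask interface'
# and 'telnet timeout minutes' syntax from the guide.
SAMPLE_CONFIG = """\
telnet 192.168.1.2 255.255.255.255 inside
telnet 192.168.3.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 dmz
telnet 10.1.1.0 255.255.255.0 outside
telnet timeout 30
"""

TELNET_RULE = re.compile(r"^telnet\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
TELNET_TIMEOUT = re.compile(r"^telnet\s+timeout\s+(\d+)\s*$")


@dataclass
class TelnetAudit:
    rules: list = field(default_factory=list)   # (source, mask, interface)
    timeout: Optional[int] = None               # None means the 5-minute default
    findings: list = field(default_factory=list)


def lowest_security_interfaces(levels):
    """Return the set of interfaces sharing the lowest security level."""
    low = min(levels.values())
    return {name for name, lvl in levels.items() if lvl == low}


def audit_telnet(config_text, levels, vpn_tunnel_interfaces=frozenset()):
    """Parse telnet statements and return a TelnetAudit with findings.

    vpn_tunnel_interfaces (assumed parameter): interfaces on which Telnet
    is carried inside an IPSec tunnel, which the guide permits even on the
    lowest security interface.
    """
    audit = TelnetAudit()
    lowest = lowest_security_interfaces(levels)
    # Telnet is unusable with a single interface or when all share one level.
    if len(levels) < 2 or len(set(levels.values())) < 2:
        audit.findings.append("telnet unusable: fewer than two security levels")
    for line in config_text.splitlines():
        line = line.strip()
        m = TELNET_TIMEOUT.match(line)
        if m:
            audit.timeout = int(m.group(1))
            if not 1 <= audit.timeout <= 1440:
                audit.findings.append(f"timeout {audit.timeout} outside 1..1440")
            continue
        m = TELNET_RULE.match(line)
        if not m:
            continue
        source, mask, iface = m.groups()
        audit.rules.append((source, mask, iface))
        if iface not in levels:
            audit.findings.append(f"{line}: unknown interface {iface}")
            continue
        if iface in lowest and iface not in vpn_tunnel_interfaces:
            audit.findings.append(f"{line}: lowest security interface without VPN tunnel")
        # Reviewer's caveat, not a rule from the chapter: an all-zero mask
        # lets any address on that interface open a management session.
        net = ipaddress.ip_network(f"{source}/{mask}", strict=False)
        if net.prefixlen == 0:
            audit.findings.append(f"{line}: mask admits any source address")
    return audit


if __name__ == "__main__":
    result = audit_telnet(SAMPLE_CONFIG, SAMPLE_SECURITY_LEVELS)
    print(f"{len(result.rules)} telnet rules, timeout={result.timeout}")
    for finding in result.findings:
        print("FINDING:", finding)
```

Against the sample input the script accepts the two inside statements and the 30-minute timeout, and reports the dmz statement (any source) and the outside statement (lowest security interface with no tunnel); passing `{"outside"}` as `vpn_tunnel_interfaces` clears the second finding. A configuration with no `telnet timeout` line leaves `timeout` as `None`, which stands for the 5-minute default the guide describes.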