由于维护需要telnet思科ASA5500,登陆的方向在ASA的outside区域,网上查询开启telnet只需要一个命令,但是配置后,始终不能正常telnet。
# 192.168.1.1 255.255.255.255是要登录的源IP地址
# outside是源IP地址在ASA的哪个区域
telnet 192.168.1.1 255.255.255.255 outside
找了另一个ASA,登录方向是在ASA的inside区域,按照上面的命令做了配置,马上就可以正常telnet了。说明命令是没有问题。
于是,再google一翻,找到一个链接【https://it.toolbox.com/question/accessing-asa5510-through-telnet-from-outside-040811】,从中找到了多个人的答复,就是从outside方向无法telnet登录思科ASA防火墙,可以改用ssh。
Telnet only works from security level 100 or above and outside is default 0 .
You cannot telnet (TCP/23) to the outside interface of an ASA.
You can however secure telnet (SSH TCP/22) to the outside of an ASA.
the commands are:
config term
ssh x.x.x.x 255.255.255.255 outside
or
ssh x.x.x.0 255.255.255.0 outside
网友评论