PIX 500 and ASA 5500 Security Appliance: Device Access Security
This section describes how to secure the Cisco PIX 500 and ASA 5500 Series Adaptive Security Appliances for
system management through Telnet, SSH, and HTTPS, and how to authenticate management access using AAA.
Telnet Access
Cisco PIX 500 and ASA 5500 Series Adaptive Security Appliances allow Telnet connections for management
purposes. For security reasons, users cannot telnet to the lowest security interface unless Telnet is encapsulated
in an IPsec tunnel. The security appliance allows a maximum of five concurrent Telnet connections per context, if
available, with a maximum of 100 connections divided among all contexts. For Telnet access to the security
appliance, the IP addresses of the hosts from which the appliance accepts connections must be configured, as shown
in Example 3-9. The telnet command in global configuration mode defines the IP
address/network and the interface from which hosts are allowed to telnet.
Example 3-9. Configuring Telnet Access for PIX
Pix(config)# telnet ip_address mask interface_name
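The restrictions described above can be checked against a saved configuration. The following audit script is an added example, not code from the book: the sample configuration is constructed, the function name audit_telnet is hypothetical, and the /24 threshold for an overly broad source range is an assumption to adjust per site.

```python
import ipaddress
import re

# Constructed sample of a PIX/ASA running configuration (not from the book).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
telnet 10.1.1.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.0.2.10 255.255.255.255 outside
telnet timeout 5
"""

def audit_telnet(config, min_prefix=24):
    """Return (interface, network, [findings]) for every telnet access rule."""
    levels, nameif = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, forget the previous name
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and nameif:
            levels[nameif] = int(m.group(1))
    lowest = min(levels, key=levels.get) if levels else None

    results = []
    rule = re.compile(r"telnet (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")
    for line in config.splitlines():
        m = rule.fullmatch(line.strip())
        if not m:
            continue  # skips "telnet timeout 5" and non-telnet lines
        addr, mask, ifname = m.groups()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        findings = ["cleartext management protocol"]  # applies to every Telnet rule
        if net.prefixlen < min_prefix:  # min_prefix is an assumed site policy
            findings.append(f"source range /{net.prefixlen} broader than /{min_prefix}")
        if ifname == lowest:
            findings.append("lowest-security interface: Telnet works only inside IPsec")
        results.append((ifname, str(net), findings))
    return results

if __name__ == "__main__":
    for ifname, net, findings in audit_telnet(SAMPLE_CONFIG):
        print(f"{ifname:8} {net:18} {'; '.join(findings)}")
```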
SSH Access
The Telnet protocol is, in general, the most popular protocol used to perform device management, but it is highly
insecure because communications in a Telnet session are sent in clear text.