If I have any trouble with my firewall, I would like to be able to access its console without going into the office. I have a Cisco 2600 router connected to the Internet with T1 service. I noticed the router had an extra aux serial port that I could use. I started by configuring the aux port on the router with the following configuration.
router(config)#line aux 0
router(config-line)#transport input all
router(config-line)#exec-timeout 120 0
Next I configured a loopback interface on the router.
router(config)#int loopback 0
router(config-if)#ip address 192.168.0.1 255.255.255.0
Next I must determine the line number of the aux port on my router, using the output of show line.
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise
     0 CTY              - -      -    -    -         0       0     0/0
    65 AUX   9600/9600  - inout  -    -    -         8       0  2177/0
*   66 VTY              - -      -    -    -        24       0     0/0
    67 VTY              - -      -    -    -         3       0     0/0
    68 VTY              - -      -    -    -         1       0     0/0
    69 VTY              - -      -    -    -         0       0     0/0
    70 VTY              - -      -    -    -         0       0     0/0
On my router my aux port is using line 65.
Now, after I telnet into my router, I telnet to my loopback address on port 2065 (2000 + 65). Cisco always uses 2000 plus the line number from show line to determine the TCP port for accessing that line.
So on the router
router#telnet 192.168.0.1 2065
This would connect me to the serial port of my firewall.
To disconnect from the firewall, hold the CTRL+SHIFT+6 keys together, then press x. You will be back on the router command line. Then type clear line 65 to disconnect the aux line.
To physically connect the firewall to the Cisco router aux port, you would use a straight-through serial cable.
Don’t forget that this kind of configuration could open a huge security risk on your network, so always configure your Cisco router to accept telnet access only from trusted IP addresses.
router(config)#line vty 0 4
router(config-line)#access-class 129 in
router(config-line)#exec-timeout 120 0
router(config)#access-list 129 permit ip host 192.168.1.1 any
router(config)#access-list 129 deny ip any any log
Here 192.168.1.1 is the IP of your trusted host.
Now your router and aux port will only be accessible from your trusted IP address.
I now can access the serial port of my firewall remotely if I have a problem.
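An inbound access-class applies to the line it is configured on, and a session to port 2065 terminates on line aux 0 rather than on a vty, so it is worth checking every network-reachable line for its own access-class. The script below is an added example, not part of the original post: SAMPLE_CONFIG is constructed from the commands above in running-config form, audit_lines is a hypothetical helper, and the default-transport rule in the comment is an assumption.

```python
import re

# Constructed sample: the post's commands as they would appear in a running-config.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
access-list 129 permit ip host 192.168.1.1 any
access-list 129 deny ip any any log
!
line con 0
line aux 0
 exec-timeout 120 0
 transport input all
line vty 0 4
 access-class 129 in
 exec-timeout 120 0
"""

def audit_lines(config):
    """Return {line name: [findings]} for each network-reachable 'line' block."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    report = {}
    for name, cmds in blocks.items():
        protos = next((c.split()[2:] for c in cmds if c.startswith("transport input ")), None)
        # Assumption: vty lines accept sessions by default; aux/tty lines only
        # when "transport input" is set to something other than "none".
        reachable = protos != ["none"] and (protos is not None or name.startswith("vty"))
        if name.startswith("con") or not reachable:
            continue
        acl = next((c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)), None)
        findings = []
        if acl is None:
            findings.append("no inbound access-class")
        elif acl not in acls:
            findings.append(f"access-class {acl} is not defined")
        report[name] = findings
    return report

if __name__ == "__main__":
    for line, findings in audit_lines(SAMPLE_CONFIG).items():
        print(line, "->", findings or "ok")
```

On the sample, the vty lines pass and line aux 0 is flagged; adding access-class 129 in under line aux 0 clears the finding.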