Feb 13

If I have any trouble with my firewall I would like to be able to access the console of the firewall without going into the office. I have a Cisco 2600 router connected to the Internet with T1 service, and I noticed that this router has a spare aux serial port I could use. I started by configuring the aux port on the Cisco router; on the aux port I entered the following configuration.

router#config t
router(config)#line aux 0
router(config-line)#modem InOut
router(config-line)#transport input all
router(config-line)#speed 9600
router(config-line)#stopbits 1
router(config-line)#exec-timeout 120 0

Next I configured a loopback interface on the router.

router#config t
router(config)#int loopback 0
router(config-if)#ip address
router(config-if)#no shut

Now I must determine the line number of the aux serial port on my router.

router#show line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
0 CTY - - - - - 0 0 0/0
65 AUX 9600/9600 - inout - - - 8 0 2177/0
* 66 VTY - - - - - 24 0 0/0
67 VTY - - - - - 3 0 0/0
68 VTY - - - - - 1 0 0/0
69 VTY - - - - - 0 0 0/0
70 VTY - - - - - 0 0 0/0

On my router the aux port is using line 65.
After I telnet into my router, I telnet from the router to its loopback address on port 2000 + 65 = 2065. Cisco always uses 2000 plus the line number shown by show line as the TCP port for reverse telnet to that line.
So on the router:

router#telnet 2065

This connects me to the serial port of my firewall.
To disconnect from the firewall, hold CTRL+SHIFT+6 together, then press x. You will now be back on the router command line. Then type clear line 65 to disconnect the aux line.

To physically connect the firewall to the Cisco router aux port you would use a straight through serial cable.

Don’t forget that this kind of configuration could open a huge security risk on your network, so always configure your Cisco router to allow telnet access only from trusted IP addresses.

router#config t
router(config)#line vty 0 4
router(config-line)#access-class 129 in
router(config-line)#exec-timeout 120 0
router(config-line)#exit
router(config)#access-list 129 permit ip host any (the host argument is the IP address of your trusted host)
router(config)#access-list 129 deny ip any any log
router(config)#exit

Now your router and aux port will only be accessible from your trusted IP address.
I can now access the serial port of my firewall remotely if I have a problem.
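As an added example (not code from the original post), the Python script below does two things the post describes by hand: it parses `show line` output to find the AUX tty and derive the reverse-telnet port (2000 + line number), and it audits the line stanzas of a running-config to report which lines accept inbound connections without an inbound access-class. The second check matters because an access-class applied under `line vty 0 4` only guards the VTY lines; a connection to the loopback address on port 2065 lands on the aux line, so the aux line needs its own `access-class ... in` to be restricted to the trusted host. The `show line` text and the two config snippets are constructed samples modelled on the post's output; the assumption that vty lines accept inbound sessions by default is noted in a comment.

```python
import re

# Constructed sample of `show line` output, mirroring the router output in the post.
SHOW_LINE = """\
Tty Typ     Tx/Rx    A Modem  Roty AccO AccI  Uses  Noise Overruns Int
  0 CTY              -    -      -    -    -     0      0    0/0    -
 65 AUX  9600/9600   -  inout    -    -    -     8      0 2177/0    -
* 66 VTY              -    -      -    -    -    24      0    0/0    -
 67 VTY              -    -      -    -    -     3      0    0/0    -
"""

# Constructed sample: the line stanzas as configured in the post (vty guarded, aux not).
RUNNING_CONFIG = """\
line aux 0
 modem InOut
 transport input all
 speed 9600
 stopbits 1
 exec-timeout 120 0
line vty 0 4
 access-class 129 in
 exec-timeout 120 0
"""

# Constructed sample: the same stanzas with the access-class also applied to the aux line
# and the aux transport narrowed to telnet only.
HARDENED_CONFIG = """\
line aux 0
 access-class 129 in
 modem InOut
 transport input telnet
 speed 9600
 stopbits 1
 exec-timeout 120 0
line vty 0 4
 access-class 129 in
 exec-timeout 120 0
"""

REVERSE_TELNET_BASE = 2000  # IOS maps line N to TCP port 2000+N for reverse telnet


def parse_show_line(text):
    """Return {tty_number: line_type} for each data row of `show line` output."""
    lines = {}
    for row in text.splitlines()[1:]:          # skip the column header
        m = re.match(r"\s*\*?\s*(\d+)\s+(\w+)", row)  # optional '*' marks the active line
        if m:
            lines[int(m.group(1))] = m.group(2)
    return lines


def reverse_telnet_port(text, line_type="AUX"):
    """TCP port that reaches the first line of the given type via reverse telnet."""
    for tty, typ in parse_show_line(text).items():
        if typ == line_type:
            return REVERSE_TELNET_BASE + tty
    raise ValueError(f"no {line_type} line in output")


def parse_line_stanzas(config):
    """Return {line_name: [commands]} for each 'line ...' stanza in an IOS config."""
    stanzas = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None                      # '!' or a non-line section ends the stanza
    return stanzas


def unprotected_lines(config):
    """Names of lines that accept inbound sessions but carry no inbound access-class."""
    result = []
    for name, cmds in parse_line_stanzas(config).items():
        transport = [c for c in cmds if c.startswith("transport input")]
        # 'transport input none' closes a line; vty lines without an explicit transport
        # command are treated as accepting inbound sessions (assumed default for this IOS).
        accepts_inbound = (any(not c.endswith(" none") for c in transport)
                           or (not transport and name.startswith("vty")))
        guarded = any(re.fullmatch(r"access-class \S+ in", c) for c in cmds)
        if accepts_inbound and not guarded:
            result.append(name)
    return result


if __name__ == "__main__":
    print("reverse telnet port for AUX:", reverse_telnet_port(SHOW_LINE))
    print("unguarded lines (post config):", unprotected_lines(RUNNING_CONFIG))
    print("unguarded lines (hardened):", unprotected_lines(HARDENED_CONFIG))
```

Run against the sample from the post, the script reports port 2065 and flags `aux 0` as unguarded; with the access-class added under `line aux 0` the report is empty. The same audit can be run over a real `show running-config` capture, since it only depends on the `line ...` stanza layout.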

3 Responses to “Cisco Aux Port to Reverse Telnet to My Firewall”

  1. Ebonie Moorehead Says:

    I really liked reading your post! Quality content. With such a valuable blog I believe you deserve to be ranking even higher in the search engines :). Check out the link in my name. That links to a tool that really helped me rank high in Google. This way even more people can enjoy your posts, and nothing beats a big audience 😉

  2. Tensigh Says:

    You have a very nice blog and I’ll be back. It’s nice to see one that deals with Cisco and networking that’s not too basic but not super complex. I really got a lot out of this, please continue to post.

  3. Mel Freeze Says:

    Morning. It’s great to find a good blog like this one. Do you mind if I use some of your info, as long as I give you a link back?