Feb 13

If I have any trouble with my firewall I would like to be able to access the console of the firewall without going into the office. I have a Cisco 2600 router connected to the Internet with T1 service. I noticed the Cisco T1 router had a spare aux serial port that I could use, so I started by configuring the aux port in the Cisco router. On the aux port I put the following configuration.

router#config t
router(config)#line aux 0
router(config-line)#modem InOut
router(config-line)#transport input all
router(config-line)#speed 9600
router(config-line)#stopbits 1
router(config-line)#exec-timeout 120 0
router(config-line)#exit

Next I configured a loopback interface on the router.

router#config t
router(config)#int loopback 0
router(config-if)#ip address 192.168.0.1 255.255.255.0
router(config-if)#no shut
router(config-if)#exit

Now I must determine the line number of the aux (serial) port on my router.

router#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
    65 AUX   9600/9600  -  inout    -    -    -      8       0  2177/0       -
*   66 VTY              -    -      -    -    -     24       0     0/0       -
    67 VTY              -    -      -    -    -      3       0     0/0       -
    68 VTY              -    -      -    -    -      1       0     0/0       -
    69 VTY              -    -      -    -    -      0       0     0/0       -
    70 VTY              -    -      -    -    -      0       0     0/0

On my router the aux port is using line 65.

Now after I telnet into my router, I telnet from the router to my loopback address on port 2000 + 65. Cisco always uses 2000 plus the line number from show line as the TCP port for reaching that line (reverse telnet). So on the router:

router#telnet 192.168.0.1 2065

This connects me to the serial console of my firewall.

To disconnect from the firewall press Ctrl+Shift+6, then x. You will be back on the router command line; now type clear line 65 to disconnect the aux line.

To physically connect the firewall to the Cisco router aux port you would use a straight through serial cable.

Don't forget that this kind of configuration can open a huge security risk on your network, so always configure your Cisco router to allow telnet access from trusted IP addresses only.

router#config t
router(config)#access-list 129 permit ip host 192.168.1.1 any
router(config)#access-list 129 deny ip any any log
router(config)#line vty 0 4
router(config-line)#access-class 129 in
router(config-line)#exec-timeout 120 0
router(config-line)#exit
router(config)#exit

(192.168.1.1 is the IP address of your trusted host. The access list is defined before it is applied to the vty lines, and the access-class command is entered in line configuration mode.)

Now your router and aux port will only be accessible from your trusted IP address.
I can now access the serial port of my firewall remotely if I have a problem.
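As an added example that is not part of the original post, the following Python parses a constructed excerpt of the show line output above to compute the 2000 + line number port, and audits the line stanzas for an inbound access-class. The point it checks is that a connection to port 2065 terminates on the aux line itself rather than on a vty, so the vty access-class alone does not restrict reverse-telnet access; the aux line needs its own access-class ... in.

```python
"""Find a line's reverse-telnet port from 'show line' and audit IOS line stanzas."""
import re

# Constructed excerpt of the post's 'show line' output.
SHOW_LINE = """\
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
    65 AUX   9600/9600  -  inout    -    -    -      8       0  2177/0       -
*   66 VTY              -    -      -    -    -     24       0     0/0       -
"""

# Constructed config excerpt: the post's aux line and its vty access-class.
CONFIG = """\
line aux 0
 modem InOut
 transport input all
line vty 0 4
 access-class 129 in
"""

def parse_show_line(text):
    """Map each TTY number to its type (CTY/AUX/VTY); '*' marks the active line."""
    ttys = {}
    for row in text.splitlines():
        m = re.match(r"\s*\*?\s*(\d+)\s+([A-Z]+)", row)
        if m:
            ttys[int(m.group(1))] = m.group(2)
    return ttys

def reverse_telnet_port(tty):
    """IOS reaches a line's reverse-telnet session on TCP port 2000 + its number."""
    return 2000 + tty

def audit_line_access(config):
    """Return line stanzas that accept inbound transport but have no inbound
    access-class; the vty access-class does not cover other lines' ports."""
    unprotected, stanza, inbound, acl = [], None, False, False
    for raw in config.splitlines() + ["line <end>"]:  # sentinel flushes last stanza
        if raw.startswith("line "):
            if stanza and inbound and not acl:
                unprotected.append(stanza)
            stanza, inbound, acl = raw.strip(), False, False
            continue
        cmd = raw.strip().lower()
        if cmd.startswith("transport input") and not cmd.endswith(" none"):
            inbound = True
        elif re.fullmatch(r"access-class \S+ in", cmd):
            acl = True
    return unprotected
```

Running audit_line_access on the post's configuration reports line aux 0, which is the stanza that still needs an access-class before the loopback's port 2065 is considered restricted.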
