{"id":35,"date":"2010-02-13T07:25:10","date_gmt":"2010-02-13T07:25:10","guid":{"rendered":"http:\/\/www.hypersurf.com\/blog\/?p=35"},"modified":"2010-02-13T07:25:10","modified_gmt":"2010-02-13T07:25:10","slug":"cisco-aux-port-to-reverse-telnet-to-my-firewall","status":"publish","type":"post","link":"http:\/\/www.hypersurf.com\/blog\/t1-line\/cisco-aux-port-to-reverse-telnet-to-my-firewall\/","title":{"rendered":"Cisco Aux Port to Reverse Telnet to My Firewall"},"content":{"rendered":"<p>If I have any trouble with my firewall I would like to be able to access the console of the firewall without going in to the office. I have a Cisco 2600 router connected to the Internet with T1 service. I noticed the Cisco T1 router had an extra aux serial port that I could use. I started by configuring the aux port in the Cisco router. On the aux port I put the following configuration.<br \/>\n<pre><code>router#config t\nrouter(config)#line aux 0\nrouter(config-line)#modem InOut\nrouter(config-line)#transport input all\nrouter(config-line)#speed 9600\nrouter(config-line)#stopbits 1\nrouter(config-line)#exec-timeout 120 0\nrouter(config-line)#exit\n<\/code><\/pre><br \/>\nNext I configured a loopback interface on the router.<br \/>\n<pre><code>router#config t\nrouter(config)#int loopback 0\nrouter(config-if)#ip address 192.168.0.1 255.255.255.0\nrouter(config-if)#no shut\nrouter(config-if)#exit<\/code><\/pre><\/p>\n<p>Now I must determine the line number of the serial port on my router.<br \/>\n<pre><code>router#show line\n   Tty Typ     Tx\/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int\n     0 CTY              -    -      -    -    -      0       0     0\/0       -\n    65 AUX   9600\/9600  -  inout    -    -    -      8       0  2177\/0       -\n*   66 VTY              -    -      -    -    -     24       0     0\/0       -\n    67 VTY              -    -      -    -    -      3       0     0\/0       -\n    68 VTY              -    -      -    -    -      1       0     0\/0       -\n    69 VTY              -    -      -    -    -      0       0     0\/0       -\n    70 VTY              -    -      -    -    -      0       0     0\/0\n<\/code><\/pre><br \/>\nOn my router my aux port is using line 65.<br \/>\nNow after I telnet in to my router I would then telnet to my loopback address. 
I would telnet to port (2000 + 65). Cisco always uses 2000 plus the line number from <code>show line<\/code> to determine the port number for accessing the line.<br \/>\nSo on the router<br \/>\n<code>router#telnet 192.168.0.1 2065<\/code><br \/>\nThis would connect me to the serial port of my firewall.<br \/>\nTo disconnect from the firewall, hold the CTRL+SHIFT+6 keys together, then press x. Now you will be back on the router command line. Now type <code>clear line 65<\/code> to disconnect the aux line.<\/p>\n<p>To physically connect the firewall to the Cisco router aux port you would use a straight-through serial cable.<\/p>\n<p>Don&#8217;t forget this kind of configuration could open a huge security risk on your network, so always configure your Cisco router to allow telnet access only from trusted IP addresses.<br \/>\n<pre><code>router#config t\nrouter(config)#line vty 0 4\nrouter(config-line)#access-class 129 in\nrouter(config-line)#exec-timeout 120 0\nrouter(config-line)#exit\n! 192.168.1.1 is the IP of your trusted host\nrouter(config)#access-list 129 permit ip host 192.168.1.1 any\nrouter(config)#access-list 129 deny ip any any log\nrouter(config)#exit<\/code><\/pre><\/p>\n<p>Now your router and aux port will be accessible only from your trusted IP address.<br \/>\nI now can access the serial port of my firewall remotely if I have a problem.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If I have any trouble with my firewall I would like to be able to access the console of the firewall without going in to the office. I have a Cisco 2600 router connected to the Internet with T1 service. 
I noticed the Cisco T1 router had an extra aux serial port that I could [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[11],"tags":[13,19,39],"_links":{"self":[{"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/posts\/35"}],"collection":[{"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/comments?post=35"}],"version-history":[{"count":15,"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/posts\/35\/revisions"}],"predecessor-version":[{"id":50,"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/posts\/35\/revisions\/50"}],"wp:attachment":[{"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/media?parent=35"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/categories?post=35"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.hypersurf.com\/blog\/wp-json\/wp\/v2\/tags?post=35"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}