Virtual Telnet
The virtual telnet command has syntax that is similar to the virtual http command, but it solves a completely different problem. This feature is useful if you want to preauthenticate users for services that do not support authentication (i.e., services other than HTTP, FTP, or Telnet). Virtual Telnet provides a way for users to authenticate themselves through Telnet before they use those services. For example, let's say that you enabled authentication for all protocols using the any keyword as follows:
PIX1(config)# aaa authentication include any outbound 0 0 0 0 AuthOut
If a user's first outbound connection attempt is anything other than HTTP, FTP, or Telnet, the user will not be able to authenticate and gain access. However, we can configure a virtual Telnet server to preauthenticate the user so they can gain access. This is accomplished using the following command:
virtual telnet ip_address
The ip_address parameter specifies an unused IP address that is routed to the PIX firewall. For example, to enable virtual Telnet on the PIX firewall using IP address 10.5.1.15, use the following command:
PIX1(config)# virtual telnet 10.5.1.15
The user can now Telnet to the virtual IP address in order to authenticate before using a service that does not support authentication. The user simply Telnets to the IP address of the virtual server and enters his or her AAA username and password. The PIX will then authenticate them, close the Telnet connection, and cache the authentication information for the duration of the uauth timer. Figure 5.35 shows an example of authentication using virtual Telnet.
www.syngress.com
Authentication, Authorization, and Accounting • Chapter 5 269
You can use virtual Telnet not just for logging in but for logging out as well. After successfully authenticating via virtual Telnet, you will not have to reauthenticate until the uauth timer expires. If you are finished with your tasks and want to prevent any further traffic from traversing the firewall using your authentication information, you can Telnet to the virtual IP address again. This effectively ends the session and logs you out.
Use the show virtual telnet command to show the configuration and the no virtual telnet command to disable the use of virtual Telnet.
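The situation described above, where an aaa authentication rule uses the any keyword but no virtual Telnet address exists, can be checked mechanically in a saved configuration. The following is an added example, not code from the book: the function name audit_virtual_telnet and both sample configurations are constructed for illustration, and the timeout uauth line in the sample is an assumed value.

```python
import re

# Services for which the PIX can prompt the user directly, per the text above.
PROMPTABLE = {"http", "ftp", "telnet"}
PROMPT = re.compile(r"^\S+\(config\)#\s*")  # strips e.g. "PIX1(config)# "

def audit_virtual_telnet(config_text):
    """Check a PIX config (as text) for AAA rules that need virtual Telnet."""
    needs_preauth, virtual_ip, uauth = [], None, None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = re.match(r"aaa authentication include (\S+) (\S+) .+ (\S+)$", line)
        if m:
            service, direction, group = m.groups()
            # "any" (or any other service) covers traffic with no login prompt.
            if service.lower() not in PROMPTABLE:
                needs_preauth.append((service, direction, group))
            continue
        m = re.match(r"virtual telnet (\d{1,3}(?:\.\d{1,3}){3})$", line)
        if m:
            virtual_ip = m.group(1)
            continue
        m = re.match(r"timeout uauth (\S+)", line)
        if m:
            uauth = m.group(1)
    return {
        "needs_preauth": needs_preauth,
        "virtual_telnet": virtual_ip,
        "uauth_timeout": uauth,
        # Fails when users of non-prompting services have no way to log in first.
        "ok": not needs_preauth or virtual_ip is not None,
    }

# Constructed sample configurations (not taken from a real device).
WITHOUT_VT = """\
PIX1(config)# aaa authentication include any outbound 0 0 0 0 AuthOut
"""
WITH_VT = WITHOUT_VT + """\
PIX1(config)# virtual telnet 10.5.1.15
PIX1(config)# timeout uauth 0:05:00 absolute
"""

if __name__ == "__main__":
    for name, cfg in (("without", WITHOUT_VT), ("with", WITH_VT)):
        print(name, audit_virtual_telnet(cfg))
```

The uauth_timeout field is reported because it bounds how long the cached authentication remains usable if the user does not Telnet to the virtual address again to log out.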