CHAPTER
11-1
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
11
Allowing Remote Management
This chapter describes how to allow remote access to the Firewall Services Module (FWSM) CLI and
how to allow ICMP to and from the FWSM.
Caution Management access to the FWSM using Telnet, SSH, or HTTPS might cause a degradation in
performance depending on the commands that you execute during the session. For example, if there are
50,000 current connections and you enter the show conn command, the CPU utilization is higher than
if you do not enter the command. We recommend that you avoid executing commands on the FWSM
when high network performance is critical.
This chapter includes the following sections:
• Allowing Telnet, page 11-1
• Allowing SSH, page 11-2
• Allowing HTTPS for PDM, page 11-4
• Allowing a VPN Management Connection, page 11-5
• Allowing ICMP to and from the FWSM, page 11-10
Note To “session” into the FWSM from the switch, see the “Sessioning and Logging into the Firewall Services
Module” section on page 3-1.
Allowing Telnet
The FWSM allows Telnet connections to the FWSM for management purposes. You cannot use Telnet
to the lowest security interface unless you use Telnet inside an IPSec tunnel (See the “Allowing a VPN
Management Connection” section on page 11-5).
You can control the number of Telnet sessions allowed per context using resource classes (see the
“Configuring a Class” section on page 5-14). The FWSM allows a maximum of 5 concurrent Telnet
connections per context, if available, with a maximum of 100 connections divided between all contexts.
See the “Rule Limits” section on page A-5 for information about the maximum number of Telnet rules
allowed for the entire system.
To Next Page
Loading...
Need help?
General