- July
Posted By : Gom Jabbar
Cisco ASA Device Management – More Telnet Connections

Management Access to the Cisco ASA via Telnet

A show run telnet will display any telnet-related commands in the running config.

ciscoasa(config)# sh ru telnet

telnet timeout 5

By default, the ASA only has a single command preconfigured: a telnet session timeout for the default 5 minutes. The available range is 1 to 60 minutes. To change the session timeout, use the telnet timeout command. For example, to change the timeout to 60 minutes:

ciscoasa(config)# telnet timeout 60

To specify the hosts allowed to telnet into the ASA, use the telnet command to specify the IP address (or range) and the interface to which the host(s) will connect.

To permit a single host at to telnet into the inside interface, use a mask of

ciscoasa(config)# telnet inside

To permit all hosts in the subnet to telnet into the inside interface, include the subnet mask:

ciscoasa(config)# telnet inside

To permit all hosts to telnet into the inside interface, use the 0 0 shorthand:

ciscoasa(config)# telnet 0 0 inside

To view all current telnet sessions, use the who command:

ciscoasa(config)# who


The number before the colon is the session ID. In the example above, the host at is telnetted into the ASA with a session ID of 0.

Now if I do a no telnet inside, this will remove from the list of hosts permitted to telnet into the ASA. However, the command will not terminate an existing telnet connection from that source IP address. It will only prevent new connections from To terminate an existing session, I have to run a kill command and specify the session ID that I want to terminate.

ciscoasa(config)# who


ciscoasa(config)# kill 0

Additional Information:

Telnet command in the Cisco ASA 8.4 Command Reference.