Solved: PIX 501 running 6.3 startup-config

dbuttry · ‎04-09-2008

I have several remote PIX 501s that have VPNs back to my location. I have remote telnet access via the VPN connection. I would like to change the configurations so the VPNs terminate to my ASA rather than my older 3030. Is there anyway to modify the startup-config on a PIX 501 running 6.3? There is no copy tftp start-up command, only a configure net command which merges the config to running. This wont work for me since I need to also change inside IP addresses which is how I am connected. I really need to change startup config and reload.

Thanks. Doug

srue · ‎04-09-2008

the best solution (and easiest) i've found for that situation is to configure ssh to the outside interface from just the IP you're coming from...

then ssh into it and change peers, your ssh session won't be disconnected then, and you can still troubleshoot remotely.

View solution in original post

acomiskey · ‎04-10-2008

Try...

ca gen rsa key 1024

ssh 0 0 outside

View solution in original post

srue · ‎04-09-2008

the best solution (and easiest) i've found for that situation is to configure ssh to the outside interface from just the IP you're coming from...

then ssh into it and change peers, your ssh session won't be disconnected then, and you can still troubleshoot remotely.

dbuttry · ‎04-10-2008

Thanks for your reply however I can not get that to work. I even tried telnet (i know thats not secure) and still can not connect to it. Even tried changing "management-access inside" to outside and locked myself out of one until I had them reboot. Any ideas? Thanks!

acomiskey · ‎04-10-2008

Try...

ca gen rsa key 1024

ssh 0 0 outside

dbuttry · ‎04-10-2008

Thanks so much! Once I figured out to use "pix" as the username and {telnet password} as the password, I'm in!

srue · ‎04-10-2008

yeah, the username pix throws off a lot of people....

thanks for the rating btw.