Updating PIX 501 programmatically thru VB.Net

Unanswered Question
May 13th, 2009

My situation is my customers travel all the time, so their IPs are rarely the same unless they are docked at home station. I would like our application to see if they are on an IP that has access and, if not, to send a request to add their current IP to the authorized list. A service running on our server would pick up and verify the request, then update the firewall's access list. Is there a way to programmatically update the configuration using VB.Net?

Jon Marshall Wed, 05/13/2009 - 12:24

John

Not familiar with VB.Net, but any language that can telnet into a device and then send commands would allow you to do what you want. Certainly something like Expect using Tcl or Perl has ways of achieving what you want to do, so if the worst came to the worst you could call an Expect or Perl script on the server.

Does VB.Net have the ability to telnet to a device and then send strings to the device?

Jon

jwbutler123 Thu, 05/14/2009 - 05:32

Thanks for the input. I'm not sure if .Net has a class that does telnet functionality, but if it doesn't I'm sure someone has written something. Do you know of a book on PIX 501 commands or any other resource that would help me?

Jon Marshall Thu, 05/14/2009 - 05:48

John

There are the PIX configuration guides and command references -

Configuration guide -

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html

Command reference -

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/cmdref.html

You can allow access to the PIX in a number of ways. What were you planning to do? Allow them to access from the outside, or were they going to connect to an internal server and then connect back to the inside of the PIX?

If they connect from outside you cannot use telnet to give them access.

Jon

jwbutler123 Thu, 05/14/2009 - 07:27

Yes, my plan is to allow access from an outside IP to an internal IP\port.

John
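
The "verify the request" step the thread describes, as an added example (not code from any poster): the server-side service parses the requested address strictly and builds the PIX 6.3 `access-list` line only from the parsed bytes, so no client-supplied text ever reaches the firewall CLI session. The ACL name, published address and port are assumed placeholders, and authenticating who sent the request is assumed to happen before this function is called.

```vbnet
Imports System
Imports System.Net
Imports System.Net.Sockets

Module PixAclRequest
    ' Assumed values, not from the thread.
    Private Const AclName As String = "outside_in"          ' hypothetical ACL name
    Private Const PublishedHost As String = "203.0.113.10"  ' documentation-range placeholder
    Private Const PublishedPort As Integer = 443            ' hypothetical service port

    ' Returns the access-list line for an acceptable address, or Nothing if rejected.
    Public Function BuildAclLine(ByVal requestedIp As String) As String
        If requestedIp Is Nothing Then Return Nothing
        Dim text As String = requestedIp.Trim()
        Dim addr As IPAddress = Nothing
        If Not IPAddress.TryParse(text, addr) Then Return Nothing
        If addr.AddressFamily <> AddressFamily.InterNetwork Then Return Nothing ' IPv4 only

        ' TryParse accepts short and octal/hex forms ("1.2.3", "010.1.1.1");
        ' require the input to already be the canonical dotted quad.
        If addr.ToString() <> text Then Return Nothing

        ' Never open the firewall to non-routable or special-purpose sources.
        Dim b As Byte() = addr.GetAddressBytes()
        If b(0) = 0 OrElse b(0) = 10 OrElse b(0) = 127 OrElse b(0) >= 224 Then Return Nothing
        If b(0) = 172 AndAlso b(1) >= 16 AndAlso b(1) <= 31 Then Return Nothing
        If b(0) = 192 AndAlso b(1) = 168 Then Return Nothing
        If b(0) = 169 AndAlso b(1) = 254 Then Return Nothing

        ' Re-serialise from the parsed bytes; only digits and dots can appear here.
        Dim canonical As String = String.Format("{0}.{1}.{2}.{3}", b(0), b(1), b(2), b(3))
        Return String.Format("access-list {0} permit tcp host {1} host {2} eq {3}", AclName, canonical, PublishedHost, PublishedPort)
    End Function

    Sub Main()
        ' Constructed sample requests: one valid, one private, one carrying an
        ' embedded newline and extra command, one short-form address.
        Dim samples As String() = New String() {"198.51.100.27", "10.1.2.3", "198.51.100.27" & vbCrLf & "no access-list outside_in", "1.2.3"}
        For Each candidate As String In samples
            Dim line As String = BuildAclLine(candidate)
            Console.WriteLine(If(line Is Nothing, "REJECTED", line))
        Next
    End Sub
End Module
```

A single-host `permit` per request keeps each opening narrow; the service should also log every line it sends and remove entries that are no longer needed.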
