Newbie question

jonathanrcarter
Level 1

I manage a series of Linux servers and we have had a number of successful DoS attacks recently (SYN_FLOOD). The guys I co-locate with do not know enough about the Cisco equipment to configure measures against this.

Therefore they have given me the login to the Cisco PIX506E which is between me and the Internet.

Although I have read up how to configure things at the command line level I would like to use a GUI.

I tried to download management software from the Cisco website but I keep being blocked - therefore my question is (a) is this software free i.e. can I download it? (b) how do I get unblocked, (c) or where can I buy it if there is a pricing issue.

Also one other question: My office is on the outside of the firewall - is it possible (advisable) to enable the web software which I assume is built into the PIX for use from my location? All the documentation in the manuals refers to enabling the web interface towards the "inside". I have other Linux servers on the inside but I cannot get a browser to connect from there without sitting in the server room.

I hope you can help me out

Jonathan Carter

Glimworm IT BV

Amsterdam

3 Replies

JORGE RODRIGUEZ
Level 10

Jonathan,

The PIX 506E should already have PDM (PIX Device Manager) in it; this will be your GUI. There are a few things you need to configure in the PIX to allow HTTP and Telnet access.

These are the steps to accomplish this from the inside network:

Follow this link

http://www.cisco.com/en/US/docs/security/pix/pix63/pdm30/installation/guide/pdm30CH4.html

Before loading the PDM via browser you need to configure the PIX to allow HTTP and Telnet,

eg.

Have someone console/telnet to the PIX.

http server enable

telnet 0.0.0.0 0.0.0.0 inside

http 0.0.0.0 0.0.0.0 inside

load browser

https://PIX_Inside_Interface_IP

For accessing the PIX from the outside you have a couple of options:

1- Establish a VPN session to access your network (IPsec, PPTP etc.); you can then access the PIX through the tunnel.

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_configuration_example09186a0080094497.shtml

or

2- Implement SSH to access the firewall. Go to this link and pick the SSH explanation:

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/s.html#wp1026535

Syntax for SSH in the firewall:

ssh "ip address allowed" "netmask" outside

To set up SSH you will need to make sure the PIX has a hostname and domain name. Then you need to generate RSA keys on the PIX and save them with the "ca save all" command. Just doing a "wr mem" will not save your RSA keys.

Here you will also need SSH client software for the host PC accessing the PIX.

If you need help with the initial implementation of either option, let us know.

HTH

Jorge

Jorge Rodriguez

Thanks - I think I can make a VPN actually so I will try that.

Another question - in my SYN attacks basically the interface connected to the PIX became totally unusable. At the same time, if I ssh'd onto a 2nd interface (eth1) I could log in and perform Linux commands. Although the system was a little slow (i.e. with the top command) it was not completely dead.

What I am thinking is that it was actually the PIX that was overloaded rather than the server. In that case, will configuring a limit of 'opening connections' in the PIX help at all? Alternatively, are there other solutions open to me?

Jonathan Carter

Glimworm IT BV

You need to configure the PIX for an intrusion detection policy. Once you get the GUI running you will be able to work with IDS policy and IDS signatures for your interfaces, including SYN attacks.

To see the load of the PIX, issue these commands:

show cpu usage, and show mem

These will give you basic system CPU utilization and installed memory, so you can start getting a baseline of the PIX hardware specs and its usage. I would recommend looking into the 506E product to get acquainted with it.

Jorge Rodriguez
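Added example (not from any post in this thread, and not Cisco's own text): a PIX 6.3-style configuration fragment that ties together the two points raised above - restricting PDM/SSH management access to single admin hosts instead of 0.0.0.0 0.0.0.0, and using the per-static embryonic connection limit to absorb SYN floods before they reach the Linux server. All addresses and names are constructed placeholders; the exact limit values are assumptions to be tuned against the "show" output.

```text
: Management access. SSH from the office rather than Telnet (cleartext).
: SSH needs hostname + domain-name before an RSA key can be generated, and
: "write memory" alone does not keep the key; "ca save all" does.
hostname pix506
domain-name example.net
ca generate rsa key 1024
ca save all
: PDM over HTTPS, allowed from exactly one inside admin workstation.
http server enable
http 192.168.1.50 255.255.255.255 inside
: SSH from exactly one fixed outside address (the office), 5 min idle timeout.
: Without AAA, SSH logs in as user "pix" with the Telnet password (passwd).
ssh 203.0.113.7 255.255.255.255 outside
ssh timeout 5
: SYN flood limits. Syntax (PIX 6.x):
:   static (real_if,mapped_if) mapped_ip real_ip netmask mask [max_conns [emb_limit]]
: When half-open (embryonic) connections to the server reach emb_limit, the PIX
: completes the TCP handshake itself (TCP Intercept) and only forwards the
: connection to the server once the client's ACK arrives, so spoofed SYNs are
: dropped at the firewall instead of filling the server's backlog.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 2000 500
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
write memory
: Checks: key present, total connections, per-host embryonic count, and the
: baseline CPU/memory figures Jorge mentions.
show ca mypubkey rsa
show conn count
show local-host 192.168.1.10
show cpu usage
show memory
```

Watch "show local-host" during normal traffic first so the embryonic limit sits above the real half-open count; set too low, it throttles legitimate clients rather than the flood.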