I have a new pix 515e for Home pratice.
1. I couldnt telnet the switch after configuring. should i have to use cross cable or not to connect PC-PIX? (as new switches and routers run through straight cable). more importantly i couldnt even ping the inside ip which is telnet and ssh enabled.
2. Recieveing the following after executing each and every command on global mode.
configuration Replication is NOT performed From standby Unit to Active Unit
configurations are no longer synchronized.
Hope you guys pull me out from these issues
Thanks & Regards
you must use a straight cable to connect and by default inside interface is e1 with a security level of 100 if I remember well.So are you connected to the correct interface?
Post your config and for pinging the interface then try the following command: icmp 0 0 inside
Concerning the message, this unit was part of a active/standby config and configured as standby and so this is normal message. Erase startup config and reload then reconfigure the pix.
Hi thanks alain for the info.
can you please look in to my config. ans guide me where am i doing wrong.
pixfirewall(config)# sh run
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
nameif ethernet3 intf3 security6
nameif ethernet4 intf4 security8
nameif ethernet5 intf5 security10
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
no ip address outside
ip address inside 10.10.22.1 255.255.255.0
no ip address intf2
no ip address intf3
no ip address intf4
no ip address intf5
ip audit info action alarm
ip audit attack action alarm
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address intf2
no failover ip address intf3
no failover ip address intf4
no failover ip address intf5
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 10.10.22.0 255.255.255.0 inside
telnet timeout 5
ssh 10.10.22.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 10.10.22.20-10.10.22.220 inside
dhcpd lease 3600
dhcpd ping_timeout 750
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 2
terminal width 80
Thanks & Regards
So telnet access should be ok. For ssh you'll have to configure a key and for icmp it should work also.
Telnet is not working alain
help me out for ssh
default enable, console password is just enter(none)
here is what i configured for ssh
#ca gen rsa key 1024
#ssh 10.10.22.22 255.255.255.255 inside
#ssh timeout 60
#ca save all
Here for ssh client i have given 1 host to access 10.10.22.22/32 .
I have given my pc ip as 10.10.22.22/24 through putty if i ssh to 10.10.22.22 at port 22 im getting login screen as follows(if i get the login screen then im using right cable(straight cable as u said) here right )
here i tried with admin as login, password as login couldnt get access to pix
tried with blank login and password dint work ..
if i ssh to inside interface ip i.e 10.10.22.1 couldnt get login screen.
can you please clearly explain what should be done to work out this.(please help me out as i have to implement this in my organization.)
Thanks & regards
You must use the username admin and the corresponding password you configured in the username command. and you must do this at the inside IP . Is the interface up/up? ---> sh interface e1
The commands you entered are ok and it should work.
can anyone pplease look in to the attached file and say me wr root cause..
this is really weired as i feel everythin frm my comfig. is fine. still couldnt ping,telnet,ssh ....
you're pinging from the pix to 2 IPs and none respond but you've got an ARp entry for one of these.
So the one with ARP entry is maybe blocking ICMP echo-requests? did you try disabling software firewall on this machine?
For the other one where is it suppose to be in the topology because there seems it won't even ARP reply?
For telnet/ssh I don't see any output from hosts supposed to be using these protocols not accessing the Pix firewall?