How to manage DMZ switches

bdjezzar4490
Level 1

Hi there,

We have two switches on the DMZ segment and we want to access them remotely via telnet, but we don't want to give them public IP addresses.

With a private IP address I can't access the switch, because my gateway is a PIX and we can't configure a secondary IP on the PIX.

Any advice? Thank you.

5 Replies

jstoecker
Level 1

What about moving all the "public" / "DMZ" ports into their own VLAN(s), and having a dedicated VLAN for just the management console?

If the PIX can do 802.1Q trunking, you could then trunk the VLANs into the PIX, and set different security rules for the management VLAN than you have for the public / DMZ VLANs.

Alternately, you could configure one physical port of the switch into the management VLAN and connect that back into your network infrastructure, where you could telnet using an "inside" address.

A third alternative is to obtain an access router like a 2509, connect the Ethernet port to your LAN, and use an octal cable into the console ports. Then, using "reverse telnet", you telnet into the 2509, which forwards the connection to the console ports. See the following document:

http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a008014f8e7.shtml

John

Hi Stoecker,

Thank you very much for your response.

I don't know if I have really understood, but I'll try to translate your solution into the following steps:

1- Create a management VLAN on the DMZ switch.

2- Configure one physical port into the management VLAN.

3- Connect that port into my LAN switch.

4- If my inside IP on the PIX is 192.168.1.1, the management VLAN IP would be something like 192.168.1.100 and the default gateway 192.168.1.1.

Please let me know if I am wrong.

Finally, I have two questions:

1- Does the PIX-525 with software 7.0(4) do trunking?

2- Did you mean ACLs with the security rules?

Best regards,
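The management-VLAN design John describes, in the four steps restated above, as a worked Cisco IOS switch configuration. This is an added example, not part of the original thread; the VLAN numbers, interface names, the admin station 192.168.1.50, and the username are assumptions, while 192.168.1.1 and 192.168.1.100 are the figures used in the thread. The security point it makes concrete is that the switch's only IP address lives in the management VLAN, the DMZ VLAN has no SVI, and a VTY access-class limits who may open a session.

```text
! dmz-sw1: DMZ switch with an out-of-band management VLAN (hypothetical config)
hostname dmz-sw1
!
username admin privilege 15 secret <set-a-strong-secret>
!
vlan 10
 name DMZ-SERVERS
vlan 99
 name MGMT
!
! DMZ-facing ports: access ports in VLAN 10 only, no trunk negotiation.
! There is deliberately no "interface Vlan10", so nothing on the DMZ
! segment can reach the switch's IP stack at layer 3.
interface range FastEthernet0/1 - 22
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Spare port shut down so a stray DMZ cable cannot land in the wrong VLAN.
interface FastEthernet0/23
 shutdown
!
! Dedicated management port (step 2/3), cabled to an access port on the
! inside LAN switch that sits in the inside management VLAN.
interface FastEthernet0/24
 description MGMT uplink to inside LAN switch
 switchport mode access
 switchport access vlan 99
 switchport nonegotiate
!
! VLAN 1 unused and down; the only SVI is the management one (step 4).
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 ip address 192.168.1.100 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
ip default-gateway 192.168.1.1
!
! Only the admin station may open a VTY session; everything else is logged.
ip access-list standard VTY-MGMT
 permit host 192.168.1.50
 deny any log
!
line vty 0 4
 access-class VTY-MGMT in
 transport input telnet
 exec-timeout 5 0
 login local
!
! Telnet sends credentials in cleartext. On an image with crypto support,
! generate a key and switch the transport to SSH instead:
!   crypto key generate rsa modulus 2048
!   ip ssh version 2
!   line vty 0 4
!    transport input ssh
```

Two caveats worth checking before cabling it up. First, the management port makes the switch's control plane an inside host: VLAN 99 must never be carried on any trunk that also carries VLAN 10, or the DMZ/inside separation collapses to a VLAN hop. Second, the VTY access-class is the control that actually limits who can log in; the PIX never sees traffic that stays inside VLAN 99, so its ACLs do not apply here.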

devang_etcom
Level 7

You can do it by NAT also; you can have the NAT on your PIX... and reverse telnet is also a good idea to configure, and using that you can telnet to the particular line number in order to access it...

Rate this post if it helps.

regards

Devang

Hi Gopalbhai,

Thank you for your help.

Yes, I have NAT on my PIX, but I don't see how I could use it to telnet to my DMZ switch. Could you please give me more details?

Best regards,

amit-singh
Level 8

Hi,

If I were you, I would have used NAT or a self static along with ACLs to accomplish this.

Yes, PIX 7.0 code has the dot1Q feature.

HTH, Please rate if it does.

-amit singh
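The NAT-plus-ACL approach that Devang and Amit suggest, as a worked PIX 7.0 configuration. This is an added example, not configuration from the thread. It assumes the PIX inside address 192.168.1.1 (the OP's figure), an admin station 192.168.1.50, a DMZ interface on the public 203.0.113.0/24 network, and a DMZ switch given the private address 10.10.10.10/24 on the DMZ segment with no gateway of its own. The idea is to PAT the admin station to 10.10.10.254, an address on the switch's own subnet, so the switch sees the session as on-link and can answer without a gateway; the PIX answers ARP for its mapped addresses (proxy ARP must not be disabled on dmz). The route pointing at the interface's own address, which makes the PIX ARP directly for 10.10.10.10, is the one line I would verify on the box first.

```text
! PIX 7.0: telnet from one inside admin station to a DMZ switch that has a
! private address and no gateway (hypothetical addresses and names)
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 203.0.113.1 255.255.255.0
!
! Reach 10.10.10.0/24 on the dmz wire even though the interface itself is
! numbered 203.0.113.1. Using the interface's own address as next hop makes
! the firewall ARP for the destination host directly (assumption: verify).
route dmz 10.10.10.0 255.255.255.0 203.0.113.1 1
!
! Policy NAT: only admin-station telnet to the switch is translated, and it
! is PATed to 10.10.10.254, an address inside the switch's subnet. The
! switch replies to a neighbour it ARPs for; the PIX answers that ARP.
access-list MGMT-TO-DMZSW extended permit tcp host 192.168.1.50 host 10.10.10.10 eq telnet
nat (inside) 1 access-list MGMT-TO-DMZSW
global (dmz) 1 10.10.10.254
!
! ACL on the inside interface: nobody but the admin station may talk to the
! switch management subnet; everything else keeps its normal access.
access-list INSIDE-IN extended permit tcp host 192.168.1.50 host 10.10.10.10 eq telnet
access-list INSIDE-IN extended deny ip any 10.10.10.0 255.255.255.0 log
access-list INSIDE-IN extended permit ip any any
access-group INSIDE-IN in interface inside
!
! Do not disable proxy ARP on dmz; the mapped address 10.10.10.254 relies on it.
! (i.e. no "sysopt noproxyarp dmz")
```

The check a practitioner wants before relying on this: `show xlate` while a telnet session is open should show 192.168.1.50 mapped to 10.10.10.254, and `debug arp` on the switch should show the reply for 10.10.10.254 coming from the PIX's dmz MAC address. The limitation is structural, though: every DMZ server is layer-2 adjacent to 10.10.10.10, and no PIX ACL can stop a compromised DMZ host from telnetting straight to the switch. The switch's own VTY access-class, and ideally SSH, is the control that matters, which is why the separate management VLAN from earlier in the thread is the stronger design.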
