11-10-2005 05:40 AM - edited 02-21-2020 12:31 AM
Hello,
What, or better, how should I set up a pix 501 to manage the remote pix over telnet or pdm?
Can someone give me advice or a sample config?
What I found on the web did not help me out.
Regards
Kai
11-10-2005 04:17 PM
without ipsec vpn between the two sites, telnet is not feasible. pix only accepts ssh to the outside interface.
e.g.
hostname pix
domain-name yourcompany.com
ca generate rsa key 1024
ca save all
ssh
to access the pix via pdm,
e.g.
http server enable
http
then you access the pix via pdm by url https://
providing there is an ipsec vpn between the two sites, you can telnet to the remote pix inside interface.
e.g.
management-access inside
telnet
11-13-2005 11:29 PM
Here is my config, maybe this could be helpful:
PIX Version 6.3(4)
access-list 130 permit ip 192.168.45.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list 100 permit ip 192.168.45.0 255.255.255.0 192.168.0.0 255.255.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 80.80.80.10 255.255.255.248
ip address inside 192.168.45.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.8.224 255.255.255.224 inside
pdm logging warnings 500
pdm history enable
arp timeout 14400
global (outside) 1 80.80.80.11
route outside 0.0.0.0 0.0.0.0 80.80.80.9 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.8.224 255.255.255.224 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set set-3des esp-3des esp-md5-hmac
crypto map mytrans 30 ipsec-isakmp
crypto map mytrans 30 match address 130
crypto map mytrans 30 set peer 123.123.123.123
crypto map mytrans 30 set transform-set set-3des
crypto map mytrans interface outside
isakmp enable outside
isakmp key ******** address 123.123.123.123 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 3600
telnet 192.168.8.224 255.255.255.224 inside
telnet timeout 5
ssh timeout 5
management-access outside
console timeout 0
terminal width 80
regards
Kai
11-14-2005 02:21 AM
just wondering if you may advise how would you prefer to manage the pix at the remote site.
11-14-2005 02:40 AM
No, no,
I've entered other IP addresses to post the config in here and I forgot to enter the IP addresses for the inside.
It's only a matter of managing this pix from the lan 192.168.8.0 over an IPSEC tunnel.
11-14-2005 02:50 AM
net a <--> pix a <--> www/vpn <--> pix b <--> net b
e.g. host from net a to access pix b over ipsec, on pix b:
telnet
management-access inside
11-14-2005 05:38 AM
OK, then this works.
But is this also possible from outside, e.g. via telnet to the external ip address of the remote pix?
like telnet net a net a mask outside
management-access outside
11-14-2005 06:33 PM
pix outside interface doesn't support telnet at all. the option is to configure ssh.
e.g.
hostname yourcompanypix
domain-name yourcompany.com.au
ca generate rsa key 1024
ca save all
ssh
in order to establish a ssh session to the pix outside interface, a ssh client is required such as putty.
putty is a freeware and it can be downloaded from:
11-15-2005 01:31 AM
I will try it with ssh.
Something is strange to me. I can imagine that the pix does not support telnet over the outside interface.
But I have 3 pix to which I'm able to connect over the outside address with telnet, not via ssh.
Could this be possible, e.g. with an old IOS release?
11-17-2005 12:27 AM
Ok then,
it runs from internal site over telnet and over external with ssh.
Thanks for your help !
Kai
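Added example (not part of any post in this thread, and not Cisco code): a small Python check that reads the telnet/ssh/http permit lines and the management-access line from a PIX 6.3 style configuration and flags the cases discussed above. The sample configuration, its addresses and the function name audit_management are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in PIX 6.3 syntax; addresses are documentation ranges,
# not values taken from the thread.
SAMPLE_CONFIG = """\
http server enable
http 192.0.2.0 255.255.255.0 inside
telnet 192.0.2.0 255.255.255.0 inside
telnet 198.51.100.0 255.255.255.0 outside
ssh 203.0.113.7 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
management-access outside
"""

# Matches "<proto> <ip> <mask> <interface>" management permit lines.
PERMIT = re.compile(
    r"^(telnet|ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def audit_management(config, untrusted=("outside",)):
    """Return (rules, findings) for the management-plane lines of a config."""
    rules, findings = [], []
    for line in (raw.strip() for raw in config.splitlines()):
        m = PERMIT.match(line)
        if m:
            proto, ip, mask, iface = m.groups()
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            rules.append((proto, str(net), iface))
            # Per the thread: the outside interface takes ssh, not telnet,
            # unless the session arrives through an IPsec tunnel.
            if iface in untrusted and proto == "telnet":
                findings.append(f"telnet {net} on {iface}: use ssh or an IPsec tunnel")
            if iface in untrusted and net.prefixlen == 0:
                findings.append(f"{proto} on {iface} permits any source address")
        elif line.startswith("management-access "):
            iface = line.split()[1]
            # The tunnel setup suggested in the thread names the inside interface.
            if iface in untrusted:
                findings.append(f"management-access {iface}: thread advice uses inside")
    return rules, findings


if __name__ == "__main__":
    for finding in audit_management(SAMPLE_CONFIG)[1]:
        print("FINDING:", finding)
```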