Is it true that a PIX device will not allow you to SSH to the device on an interface if the traffic goes through another interface on the PIX first? If so, is there a way to get around this? We don't route the main PIX interface over our network but we do route all others and would like to access the PIX itself using SSL thru them.
NOTE: When you establish an SSH connection to the PIX, you'll first see the following info in your SSH session:
The . does not affect the SSH session, but it indicates that the PIX is generating a server key or decrypting a message; in other words, the PIX is busy setting up the connection. After this setup, the PIX will prompt you to enter a username, where you'll enter the username of pix, and then the telnet password. Remember that the default telnet password is cisco.
Hope this helps out and let me know how you get on. Please rate this post if it helps you out so that others can use it.
Thanks Jay. Do I really need all of this just to connect with SSH to another interface on the same PIX device? The PIX device is within our support network, inside the company but restricted to only support personnel administering the device. We want the support personnel to SSH to an interface on the PIX device after going thru device to get to that interface. We restrict anyone from accessing the primary PIX interface because we restrict anyone from accessing the backbone network that the PIX is attached to. This is why we require access to an interface other than the primary one using SSH but after going thru the primary to get to the interface. whew..... confusing..
You should be able to ssh to the pix so long as you can route to it. I really don't understand what you mean by the primary interface - do you mean the "inside" one, i.e., the one with the highest security level? Are people allowed to send packets across the "inside" network, but not directly connect to it?
We have a PIX device that has one connection to a backbone ethernet network, one interface connection to a switch management network and one interface connection to a server network. We route the switch management network and the server network thru static routes off a router on the ethernet backbone network pointing to the PIX ethernet backbone interface. We don't route the PIX interface that supports the ethernet backbone out to our users directly because we don't want people to get other devices on the ethernet backbone directly.
So... we want support personnel to access the PIX switch management interface using SSL to support the PIX device itself, which means that it must route thru the PIX's ethernet backbone interface first before it can SSL to the PIX's switch management interface. People are telling me that you can't do that. Is this true?