Cisco Support Community
New Member

CSPM + Secure Telnet on outside interface

Hi,

I have an issue with CSPM and remote control of a PIX.

My network design is pretty simple (this is only a model):

- a first pix protecting a central network and an administration DMZ containing the stand-alone CSPM machine.

- a second pix protecting a remote network

The remote PIX must be administrated by CSPM, but since the connection arrives on the outside interface, access is denied by the PIX (without IPSec tunneling).

The workaround I found using the CLI consists in renaming the outside interface as out_if and giving it a security level of 1.

This works fine, and CSPM begins to publish the configuration, but the problem is that it overrides the whole configuration, including the interface name.

So the update starts, but is interrupted in the middle.

I tried changing the interface name in CSPM, but it doesn't accept a first interface that's not outside:

"'outside' interface must be the first interface

interface 'out_if' has no slot index specified"

Does anyone have an idea on how to work around this without building an IPSec tunnel to protect a plain telnet?

Thanks in advance for any suggestion.

Best regards,

Thomas

1 REPLY
New Member

Re: CSPM + Secure Telnet on outside interface

This security feature is designed to protect you from someone hacking in and changing the configuration. I wouldn’t try to clear-text push a configuration to the outside interface. Use IPSEC or use a distributed PM setup and push the configuration through the PIX to the Policy Distribution Point.
