• はじめに
• 踏み台でサポートトンネルを有効にする手順
• 対象機器でSSHアクセスを有効にする手順
• TACへ提出する情報

はじめに

サポートトンネルはインターネットを経由した通信となりますが、調査対象の機器がインターネットに接続されていない場合、インターネットに接続できる別のESA/WSA/SMAを経由して当該機器の調査を行うことが可能です。 

[Cisco] --- (tunnel) --- [踏み台] --- (ssh) --- [対象機器]

本ドキュメントは踏み台を利用した際の踏み台側と対象機器側での設定を紹介します。

踏み台でサポートトンネルを有効にする手順

CLI > techsupport
Service Access currently disabled.
Serial Number: xxxxxxxxxxxx-xxxxxxxxx
Choose the operation you want to perform:
- SSHACCESS - Allow a Cisco IronPort Customer Support representative to remotely access your system, without establishing a tunnel.
- TUNNEL - Allow a Cisco IronPort Customer Support representative to remotely access your system, and establish a secure tunnel for communication.
- STATUS - Display the current techsupport status.
[]> tunnel
A random seed string is required for this operation
1. Generate a random string to initialize secure communication (recommended)
2. Enter a random string
[1]>
Enter the port number for tunnel connection:
[25]>
Are you sure you want to enable service access? [N]> Y
Service access has been ENABLED. Please provide the string:
QAGH-LCGJ-BWMX-3DY@-QUA6-AC
to your Cisco IronPort Customer Support representative.

対象機器でSSHアクセスを有効にする手順

CLI > techsupport
Service Access currently disabled.
Serial Number: xxxxxxxxxxxx-xxxxxxxxx
Choose the operation you want to perform:
- SSHACCESS - Allow a Cisco IronPort Customer Support representative to remotely access your system, without establishing a tunnel.
- TUNNEL - Allow a Cisco IronPort Customer Support representative to remotely access your system, and establish a secure tunnel for communication.
- STATUS - Display the current techsupport status.
[]> sshaccess
A random seed string is required for this operation
1. Generate a random string to initialize secure communication (recommended)
2. Enter a random string
[1]>
Are you sure you want to enable service access? [N]> Y
Service access has been ENABLED. Please provide the string:
3Y9T-B@NU-KFAQ-NMBM-RFN@-B1
to your Cisco IronPort Customer Support representative.
Service Access currently ENABLED (0 current service logins).
Tunnel option is not active.
Serial Number: xxxxxxxxxxxx-xxxxxxxxx

TACへ提出する情報

踏み台への接続(techsupport tunnel)について、下記情報をご提示ください。
--------------------
機器のシリアル番号
techsupport > tunnelで設定したパスワード
--------------------

対象機器への接続(techsupport sshaccess)について、下記情報をご提示ください。
--------------------
対象機器のIPアドレス、もしくはホスト名
機器のシリアル番号
techsupport > sshaccessで設定したパスワード
--------------------