PIX 506E Configuration question

ubersoldat
Level 1

Hi all,

I have never before configured a PIX firewall and I have just a simple question. We have to install a PIX506E for one of our clients and the only thing I should do is to allow all incoming traffic (with no restrictions). That is needed for the administrators to make all changes to the PIX configuration from outside the country.

So can I do this by simply changing the security level on the outside interface to 100?

Thanks for your help

4 Replies

jmia
Level 7

Ivo,

If you are allowing outside sys admins to access the PIX, you'll be better off giving them access using SSH, or you can configure "management-access inside" and then set up client VPN access to the PIX, and your remote admins can then access the PDM via the VPN and manage it.

If you need further help on this then let me know either here or at jmia@ohgroup.co.uk

Jay

The whole idea of giving them access is that they want to create a VPN connection with us. So I'm looking for the simplest solution. There will be an ADSL modem connected to the PIX506E. If my ISP forwards the SSH port (22) to the outside interface of the PIX, will this do the trick?

Or can I use PDM to grant them access?

OK, what sort of VPN do they need? Site-to-site? If so, what device have they got at their end? Is it another PIX?

Have a read of the following documents:

PIX to PIX IPSec VPN:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

Accessing PIX via VPN/PDM:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_configuration_example09186a0080094497.shtml

PIX VPN Client Access:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

To allow access on the outside interface via SSH, you'll need to do the following:

In config mode on PIX:

> ca generate rsa key 1024

> ca save all

write to memory with: write mem

You can view your newly created keys by issuing:

> sho ca mypubkey rsa

Now you'll need to configure (in config mode) who accesses your pix:

> ssh <remote_admin_ip> 255.255.255.255 outside

Save with: write mem.

Your remote users will need an SSH client (use putty.exe); you can find this by searching Google.

Hope this helps, and please rate the post if it does. If you need further help then let me know.

Jay
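
An added example, not part of the posts above and not a Cisco tool: a short Python check that reads a PIX configuration and flags the exposures this thread is about, namely management access on the outside interface that is not limited to a single host, a raised security level on outside, and a permit-any ACL bound inbound on outside. The regular expressions assume PIX 6.x command forms (`nameif`, `ssh`/`telnet`/`http` with address, mask and interface, `access-list`, `access-group`); the sample configuration and the address 192.0.2.10 are constructed.

```python
import re

# Constructed sample config in PIX 6.x syntax (not taken from the thread).
# 192.0.2.10 is a documentation address standing in for one remote admin.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inbound permit ip any any
access-group inbound in interface outside
ssh 192.0.2.10 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 outside
telnet 10.0.0.0 255.255.255.0 inside
"""

MGMT = re.compile(r"^(ssh|telnet|http)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)$")
ACL = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+any\s+any$")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")

def audit(config, untrusted="outside"):
    """Return sorted (line_number, message) findings for exposure on `untrusted`."""
    findings, open_acls, bindings = [], {}, []
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := NAMEIF.match(line):
            if m.group(1) == untrusted and int(m.group(2)) != 0:
                findings.append((num, f"{untrusted} has security level {m.group(2)}, expected 0"))
        elif m := MGMT.match(line):
            proto, _addr, mask, iface = m.groups()
            if iface == untrusted and mask != "255.255.255.255":
                findings.append((num, f"{proto} on {untrusted} allows mask {mask}, not a single host"))
        elif m := ACL.match(line):
            open_acls[m.group(1)] = num
        elif m := GROUP.match(line):
            bindings.append((num, m.group(1), m.group(2)))
    # A permit-any ACL only matters once it is bound inbound on the untrusted side.
    for num, acl, iface in bindings:
        if iface == untrusted and acl in open_acls:
            findings.append((num, f"ACL {acl} (line {open_acls[acl]}) permits ip any any inbound on {untrusted}"))
    return sorted(findings)

if __name__ == "__main__":
    for num, msg in audit(SAMPLE_CONFIG):
        print(f"line {num}: {msg}")
```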

Thanks for your help
