Re: PIX 515

c.mac · ‎10-02-2002

Does anyone know if you can put a secondary address on either the global or inside interface. What I am trying to do is have telnet access to the PIX but I have only been able to it from the inside. Is there other commands besides the conventional ( telnet XXX.XXX.XXX inside ) Any help would be great.

r-remien · ‎10-02-2002

If you are trying to manage/access the PIX from the outside, you can use

SSH.

First you need to have a DES or 3DES license on the PIX. The DES is a free

license, you will just need to apply for it from this URL -

http://www.cisco.com/cgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324 (You need a CCO login for this). You will then need to load it into the

firewall and reboot it. (Unless you have v6.2). Anyway, once that is done,

do the following.

Create a hostname or use your existing one

Assign a domain name

ca generate rsa key 1024 - creates a 1024 bit key used for private/public key encryption.

ca save all

Add the following commands to your config

ssh 255.255.255.255 outside

ssh timeout x

SSH comes with all Linux/Unix flavors.

If you have Windows, here is a link which you can download an ssh client to use - http://hp.vector.co.jp/authors/VA002416/teraterm.html - Install this and then download the ssh .dll's from this link - http://www.zip.com.au/~roca/ttssh.html

and unzip the files into the same directory where you installed terraterm pro. You will then be able to connect.

You can use telnet with the if_name option,but in order to connect you will need IPSEC configured on the PIX.

Hope this helps/what you are looking for.

RJ