12-05-2003 02:04 PM - edited 02-20-2020 11:08 PM
I am trying to remotely manage a PIX from a network on the Internet. According to Cisco, I can achieve this with IPSec, and this is where I get confused. My idea is to create a user-to-site IPSec tunnel between my laptop and the PIX, get an IP address from inside, and then telnet to the PIX inside interface's IP address.
Is this the solution, or am I completely mistaken? If the latter, what would be the correct way to do it?
Thanks
12-05-2003 04:50 PM
In the beginning, the command to use telnet on the PIX is:
pixfirewall(config)#telnet local_ip [network]
As you can see, I wrote local_ip, for two main reasons:
1) Only local hosts can access it.
2) The reason that there is no external access is because, if it can't block its own connections, why is it a firewall?
The solution you chose is too complex.
You can do the easiest one. You initiate a session with a local server and configure it to redirect to the PIX.
You can use your own software, or standard OS RMTAC functions.
Peacefully,
Dancho
12-05-2003 05:22 PM
Can you not use SSH on the outside interface?
Instead of
pix(config)# telnet 12.12.12.12 255.255.255.255
Use
pix(config)# ssh 12.12.12.12 255.255.255.255 outside
12-09-2003 11:47 PM
Just for completeness... to set up SSH (assuming your PIX OS supports it) do the following:
Configure hostname:
pix(config)#hostname PIX-01
Configure domain-name:
PIX-01(config)#domain-name domain.com
Generate RSA keys:
PIX-01(config)#ca gen rsa key 1024
Save your keys to NVRAM:
PIX-01(config)#ca save all
Allow outside access:
PIX-01(config)#ssh 1.1.1.1 255.255.255.255 outside
Done.
12-23-2003 03:54 PM
Another solution is to enable DES and open an SSH connection. You can connect with a public address from outside this way. Your solution is also OK, but I still recommend SSH connections instead of using telnet. You should need version 6 or greater to enable SSH.
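An added example, not part of any post in this thread: a small Python audit that reads `telnet` and `ssh` permit lines in the form used above and flags cleartext telnet or overly wide SSH source ranges on non-inside interfaces. The sample configuration is constructed, and the defaults (a rule with no interface name counts as inside, a /24 minimum prefix) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); 203.0.113.0/24 is a documentation range.
SAMPLE_CONFIG = """\
hostname PIX-01
domain-name domain.com
telnet 192.168.1.0 255.255.255.0 inside
telnet 203.0.113.10 255.255.255.255 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

# Matches "telnet|ssh <ip> <mask> [if_name]", with an optional "name(config)#" prompt.
RULE = re.compile(
    r"^(?:\S+\(config\)#\s*)?(telnet|ssh)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})(?:\s+(\S+))?$"
)

def prefix_len(mask):
    """Convert a dotted netmask such as 255.255.255.0 to a prefix length."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")

def audit_management_access(config, trusted_ifaces=("inside",), min_prefix=24):
    """Return (line_no, line, reason) for risky telnet/ssh permit lines.

    Assumptions of this example: a rule with no interface name applies to
    an inside interface, and min_prefix is a local policy choice.
    """
    findings = []
    for line_no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue  # not a management permit line (e.g. "ssh timeout 5")
        proto, _ip, mask, iface = m.groups()
        iface = iface or "inside"
        if iface in trusted_ifaces:
            continue
        if proto == "telnet":
            findings.append((line_no, line, f"cleartext telnet allowed on {iface}"))
        elif prefix_len(mask) < min_prefix:
            findings.append((line_no, line, f"ssh source range wider than /{min_prefix} on {iface}"))
    return findings

if __name__ == "__main__":
    for line_no, line, reason in audit_management_access(SAMPLE_CONFIG):
        print(f"line {line_no}: {reason}: {line}")
```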