09-02-2005 02:07 AM - edited 03-09-2019 12:19 PM
Hi,
My need is very simple: I would like to access my PIX, which is in a remote location, via telnet and PDM.
The PIX has a private IP on its "outside" interface and a public IP, x.199.213.1, on its "inside" interface, and I would like to access it by telnetting or doing HTTPS to this very IP, x.199.213.1.
Where am I going wrong?
Shukky
India
09-02-2005 04:53 AM
First off, you should never directly connect your inside interface to the internet. By default, the PIX allows all traffic from the inside to the outside, so setting the PIX up in this manner allows all traffic from the internet to bypass the PIX and enter your private network. You should change the config and point your outside interface toward the internet. Once this is done, you'll need to enter the commands:
http server enable
http 0 0 outside
This enables PDM access from all internet hosts. If you'd like to restrict traffic to only certain hosts, you can enter something like this:
http 192.168.10.1 255.255.255.255 outside
Secondly, you cannot telnet to the outside interface unless you use IPSec. Instead, you may want to use SSH, since it's easier to configure and also provides data confidentiality. You can enable this by entering the following commands (you must first configure the hostname and domain of the PIX):
ca zeroize rsa
ca generate rsa key 512
ca save all
You should then be able to use SSH to access the PIX.
Good luck.
09-02-2005 05:25 AM
Hi,
Following on from the post, use SSH (see other post) to manage the PIX. To access PDM, I would suggest that you do this via a VPN. Take a look at the following document:
Also, if the above is not possible, what you could do is set up VPN client access on your remote PIX and then access PDM via the VPN.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml
Now all you need to do on your remote PIX is to enable PDM by:
http server enable
http 10.0.1.0 255.255.255.0 inside
*The 10.0.1.0/24 address space is taken from the ip local pool for VPN clients; see the above URL.
The key here is to enable access to the inside interface of your PIX, so you'll also need to enable this by:
(in config mode)
management-access inside
You can check whether you can reach the inside interface of the PIX via the VPN Client by pinging the inside interface IP of your PIX; you should get a reply! As soon as this is confirmed, you can open up your web browser and open up PDM, i.e.
I think the 2nd option will be better for you.
Hope this helps, and if it does, please rate the post as it might help others.
Thanks
Jay
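Added example, not part of any post in this thread: a small Python check that flags the management-access exposures discussed in the two replies above (PDM open to every host with `http 0 0 outside`, telnet on the outside interface, a short RSA key for SSH). The sample command list, the finding labels and the 2048-bit threshold are assumptions made for the illustration.

```python
# Constructed sample of PIX management commands (not taken from the thread's device).
SAMPLE_CONFIG = """\
hostname pixfirewall
domain-name example.com
http server enable
http 0 0 outside
http 10.0.1.0 255.255.255.0 inside
ssh 192.168.10.1 255.255.255.255 outside
telnet 0.0.0.0 0.0.0.0 outside
ca generate rsa key 512
management-access inside
"""

ANY = {"0", "0.0.0.0"}   # "0 0" is shorthand for 0.0.0.0 0.0.0.0
MIN_RSA_BITS = 2048      # assumed policy threshold, adjust to local standards


def audit(config):
    """Return (line_number, finding) pairs for risky management commands."""
    findings = []
    for number, raw in enumerate(config.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue
        # Access rules have the form: <http|ssh|telnet> <ip> <mask> <interface>
        if tokens[0] in ("http", "ssh", "telnet") and len(tokens) == 4:
            proto, ip, mask, interface = tokens
            if interface != "outside":
                continue
            if proto == "telnet":
                # Cleartext protocol; the PIX only accepts it on outside over IPSec.
                findings.append((number, "telnet-outside"))
            elif ip in ANY and mask in ANY:
                # Management service reachable from every internet host.
                findings.append((number, f"{proto}-any-outside"))
        elif tokens[:4] == ["ca", "generate", "rsa", "key"] and len(tokens) == 5:
            if tokens[4].isdigit() and int(tokens[4]) < MIN_RSA_BITS:
                findings.append((number, "weak-rsa-key"))
    return findings


if __name__ == "__main__":
    lines = SAMPLE_CONFIG.splitlines()
    for number, finding in audit(SAMPLE_CONFIG):
        print(f"line {number}: {finding}: {lines[number - 1]}")
```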
09-05-2005 05:15 AM
Hi,
Thanks for all the inputs. I'm again posting my update and what I have done and from where. Please advise.
I will surely rate this post.
(config)# sh ca mypubkey rsa
% Key pair was generated at: 16:44:16 UTC Sep 5 2005
Key name: IITM-PiX.ciscopix.com
Usage: General Purpose Key
Key Data:
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00b7d437
818c206d 4beaf0e4 0322e88e abf365ce d022a827 2b6fbd12 f464469c f4c2090e
Hope this helps.
Shukky
India
09-05-2005 09:47 PM
Hi,
I'm still waiting.
I have SSHed into a PC in the network but can't telnet or SSH from that SSH server PC to any other device.
Please enlighten me.
Shukky
India
09-06-2005 03:59 PM
Are you trying to SSH into the PIX from the PC or through the PIX? Please be more specific.
09-06-2005 09:20 PM
Hi,
Thanks for your reply. I'm trying to telnet and SSH into the PIX, not through it.
Once I SSH into the network SSH server, I can't telnet or SSH anywhere else.
Please advise.
Shukky
India
09-06-2005 10:06 PM
Hi,
I am confused. You are trying to SSH to the PIX, and all the above posts are related to that. Now you mentioned the issue is: "once i ssh into the network ssh server i cant telnet or ssh anywhere else."
In order to further assist you, what exactly are you trying to achieve?
09-07-2005 06:11 AM
Yes, I am confused as well.
09-08-2005 12:43 AM
Hi,
OK, OK, OK... big confusion.
First things first.
What I wanted:
1. To SSH into the PIX's inside interface IP address, which is a public IP, from the outside interface over the internet.
Result: couldn't do a damn thing.
What I did:
1. I had a server-class PC with a public IP in the inside net of the PIX and told my guy to make that PC an SSH server, which he did. I SSHed into that machine, no problems.
Now I thought that if I'm in that SSH server, I can also SSH into the PIX from that remote machine, but it just didn't happen. I was not able to SSH or telnet from that machine, but the guy sitting there on that machine locally was able to do all of it: ping/telnet/SSH.
So here I am sitting at a remote site and can't access my PIX.
So I'm now thinking of doing a RADMIN installation and simulating the same thing.
But I need a solution for my issue.
My configs are OK. Please advise.
Shukky
India