11-19-2010 05:12 AM - edited 03-04-2019 10:31 AM
Hi
I'm quite new to telnet and I can't access the Cisco firewall PIX 501 through the web interface. I have a printout of the PIX 501's settings and I can see that I have to change a user's IP address, since he has got a new IP address.
I hope that he can get access from the WAN side to the server if I change the old IP address to the new one.
My question is: can I change the IP address through telnet, and what should the commands look like?
These are the 2 lines from the configuration where the old IP address appears:
crypto map vpn 2 set peer n.n.n.n
isakmp key xxx address n.n.n.n netmask 255.255.255.255
Kind Regards
René Dreier
11-19-2010 05:38 AM
Normally, telnet is disabled on a pix. You should rather use ssh. (try putty)
The config will provide info on the enabled protocols. Please check your config for lines like below:
aaa authentication telnet console LOCAL >authentication for telnet
aaa authentication ssh console LOCAL > same for ssh
ssh 0.0.0.0 0.0.0.0 outside > defines allowed source address range for ssh
ssh 0.0.0.0 0.0.0.0 inside
Also, I want to discourage you from posting details like the isakmp key on a forum, especially since a public address was also included.
Don't do this. You never know who is reading your stuff on the Internet.
regards,
Leo
11-19-2010 05:51 AM
Hi Leo
Thanks for the quick reply. I have removed the key and IP from my post, good point!
I think telnet is enabled since I have been logged in through telnet, I just don't know what to do then.
I have a line in the configuration that says:
telnet (lan IP n.n.n.0) 255.255.255.0 inside
Regards,
René
11-19-2010 06:02 AM
OK, I thought your problem was how to connect using telnet.
The next steps are easy when you are used to the Cisco CLI.
PIX commands differ a bit from IOS but it can be managed.
Basically, you need to rewrite the two lines in config mode:
conf t
commands
(just re-enter the same 2 lines with different parameters.)
(if the old ones are not overwritten, re-enter them with a 'no ' before them.)
end
write mem
However, it can be challenging when this is unfamiliar ground for you.
You may check the PIX command reference first (on cisco.com) or consider hiring an expert to do the job.
Remember: as long as you do not type 'write mem', you can always restart the PIX and start again!
Leo
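Added example, not part of the original posts: a small Python helper that prepares the change described above from a saved copy of the configuration, and masks the key and peer address the way the thread does (`xxx`, `n.n.n.n`) before an excerpt is shared. The function names and the sample configuration are constructed for illustration, and the script assumes the old entries are not overwritten, so it always emits the `no` form as well.

```python
import ipaddress
import re

# Constructed sample config: documentation addresses and a placeholder key.
SAMPLE_CONFIG = """\
access-list outside_in permit ip host 192.0.2.10 any
crypto map vpn 2 set peer 192.0.2.10
crypto map vpn 3 set peer 192.0.2.100
isakmp key EXAMPLE-KEY address 192.0.2.10 netmask 255.255.255.255
telnet 192.168.1.0 255.255.255.0 inside
"""

# The two command forms quoted in the thread.
KNOWN_FORMS = (
    re.compile(r"^crypto map \S+ \d+ set peer \S+$"),
    re.compile(r"^isakmp key \S+ address \S+ netmask \S+$"),
)

def plan_peer_change(config, old_ip, new_ip):
    """Return (commands, review): lines to enter in config mode, and lines
    that mention old_ip in a form this script does not rewrite."""
    old = str(ipaddress.IPv4Address(old_ip))  # ValueError on a malformed address
    new = str(ipaddress.IPv4Address(new_ip))
    commands, review = [], []
    for raw in config.splitlines():
        tokens = raw.split()
        if old not in tokens:  # whole-token match: 192.0.2.10 is not 192.0.2.100
            continue
        line = " ".join(tokens)
        if any(form.match(line) for form in KNOWN_FORMS):
            # Re-enter the line with the new address, then remove the old one.
            commands.append(" ".join(new if t == old else t for t in tokens))
            commands.append("no " + line)
        else:
            review.append(line)
    return commands, review

def redact_for_posting(config, peer_ip):
    """Mask the pre-shared key and the peer address before sharing an excerpt."""
    masked = re.sub(r"^(isakmp key )\S+", r"\1xxx", config, flags=re.M)
    pattern = rf"(?<![\d.]){re.escape(peer_ip)}(?![\d.])"
    return re.sub(pattern, "n.n.n.n", masked)

if __name__ == "__main__":
    cmds, todo = plan_peer_change(SAMPLE_CONFIG, "192.0.2.10", "203.0.113.20")
    print("\n".join(cmds))
    print("Check by hand:", todo)
    print(redact_for_posting(SAMPLE_CONFIG, "192.0.2.10"))
```

Lines returned in the second list mention the old address in some other command and need a manual decision before saving with `write mem`.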
12-02-2010 05:46 AM
Thanks, it works - wonderful