Solved

Cisco PIX 501 firewall question on the initial config

Posted on 2003-11-14
3
384 Views
Last Modified: 2011-09-20
I previously worked with Cisco Systems TAC and configured it together with them.
I believe that they configured it correctly as did I.
Since that time we have sort of re-organized the existing network.
Now the network runs great, everyone can get out to the Internet fine.
They have Bell Atlantic T1 (384 kb Fractional T1 link)...provided by CTC in Mass.
That line goes to the Cisco IAD device which does the CSU/DSU functionality...as well as the digital phone system.
Then the Serial cable has a direct connection to the Cisco Router 1700 which acts as the default gateway. Then the Cisco router fast ethernet port/jack connects to the Ethernet Switch thru the
Ethernet cable.... Then the switch connects to 2 other Compex hubs.... and the users connect to either the Compex hubs or the switch..

I have the external public ip address setup for the Cisco Router as well as the Cisco PIX 501.
But the Cisco pix 501 was incorrectly physically living in another part of the building....
now it has been correctly physically moved to the network closet room.

My question is this since the ip address was setup correctly thru Cisco TAC support people...
and they have assigned it the public ip address, and the internal ip address.

The Cisco router does the NAT function and it works well.

Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Right now, I do have access to telnet into the Cisco 1700 router remotely and gain access to it.

I want to do the same with the pix 501... I don't know the process to do this.
Cisco told me that I should not be able to ping the INternal ip address of the PIX firewall, which I completely understand.

But what is the process to be able to ssh into the PIX firewall ?

I would appreciate the help... Thank you,

Richard
0
Comment
Question by:rchang1967
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
ID: 9748788
>Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
Not in the usual configuration.

>I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Assign a hostname and domain name to the PIX.

pixfirewall(config)# hostname  changsbox
changsbox(config)# domain-name chang.com

Generate an RSA Key pair and save the keys.

changsbox(config)# ca generate rsa key 2048
For <key_modulus_size> >= 1024, key generation could
take up to several minutes. Please wait..........
After generating the keys, you must save them or they'll be lost at the next reload.

changsbox(config)# ca save all
Specify what hosts are allowed to SSH to the PIX and set the SSH inactivity timeout.
changsbox(config)# ssh my.ip.at.home 255.255.255.255 outside
changsbox(config)# ssh timeout 60

>I want to do the same with the pix 501... I don't know the process to do this.
Same drill
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question