Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco PIX 501 firewall question on the initial config

Posted on 2003-11-14
3
Medium Priority
?
389 Views
Last Modified: 2011-09-20
I previously worked with Cisco Systems TAC and configured it together with them.
I believe that they configured it correctly as did I.
Since that time we have sort of re-organized the existing network.
Now the network runs great, everyone can get out to the Internet fine.
They have Bell Atlantic T1 (384 kb Fractional T1 link)...provided by CTC in Mass.
That line goes to the Cisco IAD device which does the CSU/DSU functionality...as well as the digital phone system.
Then the Serial cable has a direct connection to the Cisco Router 1700 which acts as the default gateway. Then the Cisco router fast ethernet port/jack connects to the Ethernet Switch thru the
Ethernet cable.... Then the switch connects to 2 other Compex hubs.... and the users connect to either the Compex hubs or the switch..

I have the external public ip address setup for the Cisco Router as well as the Cisco PIX 501.
But the Cisco pix 501 was incorrectly physically living in another part of the building....
now it has been correctly physically moved to the network closet room.

My question is this since the ip address was setup correctly thru Cisco TAC support people...
and they have assigned it the public ip address, and the internal ip address.

The Cisco router does the NAT function and it works well.

Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Right now, I do have access to telnet into the Cisco 1700 router remotely and gain access to it.

I want to do the same with the pix 501... I don't know the process to do this.
Cisco told me that I should not be able to ping the INternal ip address of the PIX firewall, which I completely understand.

But what is the process to be able to ssh into the PIX firewall ?

I would appreciate the help... Thank you,

Richard
0
Comment
Question by:rchang1967
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 2000 total points
ID: 9748788
>Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
Not in the usual configuration.

>I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Assign a hostname and domain name to the PIX.

pixfirewall(config)# hostname  changsbox
changsbox(config)# domain-name chang.com

Generate an RSA Key pair and save the keys.

changsbox(config)# ca generate rsa key 2048
For <key_modulus_size> >= 1024, key generation could
take up to several minutes. Please wait..........
After generating the keys, you must save them or they'll be lost at the next reload.

changsbox(config)# ca save all
Specify what hosts are allowed to SSH to the PIX and set the SSH inactivity timeout.
changsbox(config)# ssh my.ip.at.home 255.255.255.255 outside
changsbox(config)# ssh timeout 60

>I want to do the same with the pix 501... I don't know the process to do this.
Same drill
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
This is about my first experience with programming Arduino.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question