Solved

Cisco PIX 501 firewall question on the initial config

Posted on 2003-11-14
3
383 Views
Last Modified: 2011-09-20
I previously worked with Cisco Systems TAC and configured it together with them.
I believe that they configured it correctly as did I.
Since that time we have sort of re-organized the existing network.
Now the network runs great, everyone can get out to the Internet fine.
They have Bell Atlantic T1 (384 kb Fractional T1 link)...provided by CTC in Mass.
That line goes to the Cisco IAD device which does the CSU/DSU functionality...as well as the digital phone system.
Then the Serial cable has a direct connection to the Cisco Router 1700 which acts as the default gateway. Then the Cisco router fast ethernet port/jack connects to the Ethernet Switch thru the
Ethernet cable.... Then the switch connects to 2 other Compex hubs.... and the users connect to either the Compex hubs or the switch..

I have the external public ip address setup for the Cisco Router as well as the Cisco PIX 501.
But the Cisco pix 501 was incorrectly physically living in another part of the building....
now it has been correctly physically moved to the network closet room.

My question is this since the ip address was setup correctly thru Cisco TAC support people...
and they have assigned it the public ip address, and the internal ip address.

The Cisco router does the NAT function and it works well.

Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Right now, I do have access to telnet into the Cisco 1700 router remotely and gain access to it.

I want to do the same with the pix 501... I don't know the process to do this.
Cisco told me that I should not be able to ping the INternal ip address of the PIX firewall, which I completely understand.

But what is the process to be able to ssh into the PIX firewall ?

I would appreciate the help... Thank you,

Richard
0
Comment
Question by:rchang1967
3 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
ID: 9748788
>Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
Not in the usual configuration.

>I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Assign a hostname and domain name to the PIX.

pixfirewall(config)# hostname  changsbox
changsbox(config)# domain-name chang.com

Generate an RSA Key pair and save the keys.

changsbox(config)# ca generate rsa key 2048
For <key_modulus_size> >= 1024, key generation could
take up to several minutes. Please wait..........
After generating the keys, you must save them or they'll be lost at the next reload.

changsbox(config)# ca save all
Specify what hosts are allowed to SSH to the PIX and set the SSH inactivity timeout.
changsbox(config)# ssh my.ip.at.home 255.255.255.255 outside
changsbox(config)# ssh timeout 60

>I want to do the same with the pix 501... I don't know the process to do this.
Same drill
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Does your iMac really need a hardware upgrade? Will upgrading RAM speed-up your computer? If yes, then how can you proceed? Upgrading RAM in your iMac is not as simple as it may seem. This article will help you in getting and installing right RA…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question