Solved

Cisco PIX 501 firewall question on the initial config

Posted on 2003-11-14
3
385 Views
Last Modified: 2011-09-20
I previously worked with Cisco Systems TAC and configured it together with them.
I believe that they configured it correctly as did I.
Since that time we have sort of re-organized the existing network.
Now the network runs great, everyone can get out to the Internet fine.
They have Bell Atlantic T1 (384 kb Fractional T1 link)...provided by CTC in Mass.
That line goes to the Cisco IAD device which does the CSU/DSU functionality...as well as the digital phone system.
Then the Serial cable has a direct connection to the Cisco Router 1700 which acts as the default gateway. Then the Cisco router fast ethernet port/jack connects to the Ethernet Switch thru the
Ethernet cable.... Then the switch connects to 2 other Compex hubs.... and the users connect to either the Compex hubs or the switch..

I have the external public ip address setup for the Cisco Router as well as the Cisco PIX 501.
But the Cisco pix 501 was incorrectly physically living in another part of the building....
now it has been correctly physically moved to the network closet room.

My question is this since the ip address was setup correctly thru Cisco TAC support people...
and they have assigned it the public ip address, and the internal ip address.

The Cisco router does the NAT function and it works well.

Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Right now, I do have access to telnet into the Cisco 1700 router remotely and gain access to it.

I want to do the same with the pix 501... I don't know the process to do this.
Cisco told me that I should not be able to ping the INternal ip address of the PIX firewall, which I completely understand.

But what is the process to be able to ssh into the PIX firewall ?

I would appreciate the help... Thank you,

Richard
0
Comment
Question by:rchang1967
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
ID: 9748788
>Am I suppose to be able to ping the Cisco PIX 501 external ip address from the outside ?
Not in the usual configuration.

>I want to be able to remotely telnet or ssh into the cisco devices both the router and the pix firewall.

Assign a hostname and domain name to the PIX.

pixfirewall(config)# hostname  changsbox
changsbox(config)# domain-name chang.com

Generate an RSA Key pair and save the keys.

changsbox(config)# ca generate rsa key 2048
For <key_modulus_size> >= 1024, key generation could
take up to several minutes. Please wait..........
After generating the keys, you must save them or they'll be lost at the next reload.

changsbox(config)# ca save all
Specify what hosts are allowed to SSH to the PIX and set the SSH inactivity timeout.
changsbox(config)# ssh my.ip.at.home 255.255.255.255 outside
changsbox(config)# ssh timeout 60

>I want to do the same with the pix 501... I don't know the process to do this.
Same drill
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question