Solved

Securely Administering Cisco 1841 Router & Cisco Pix 506E Firewall Remotely

Posted on 2006-06-25
Last Modified: 2012-05-05
I need someone to provide me with detailed, step-by-step, idiot-proof instructions on how I should set up remote administration on both a Cisco 1841 Router & a Cisco 506E Pix Firewall.  

Should I somehow enable secure telnet sessions and/or user name and passwords?

Is there a way that both of these devices can be administered remotely via HTTPS:// and logging in?  

Or perhaps the only real way to administer them would be to establish a VPN connection to the network and then telnetting in clear text?

Please help.  I'm not very familiar with Cisco devices or IOS yet.

Thanks!
Question by:taki1gostek
2 Comments
 
LVL 6

Expert Comment

by:Booda2us
ID: 16980254
Hello taki1gostek, here is a link to answer all of your Cisco questions:
http://www.cisco.com/public/support/tac/documentation.html
I believe it would be a quicker solution than bouncing Q's & A's back and forth. Since I don't have insight into what your Network goals and options are, that site is chock full of info you can access. If you need more, feel free to post back and I will do my best to solve any problems... Hope this helps out... Booda2us
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 16980345
Good news is that both the 1841 and the PIX can use HTTPS to administer.

You can restrict access to this secure web interface by using access-class on the router and http lists on the PIX.

On the PIX, the following commands allow specified hosts access to the web gui:
where "a.b.c.d" is your home IP address
 http a.b.c.d 255.255.255.255 outside

That's it!
If you want a failsafe ssh access from anywhere (like Laptop Lane at the airport, or a WiFi hotspot somewhere):
 ssh 0.0.0.0 0.0.0.0 outside  <== access ssh from anywhere

On the 1841, by default HTTP access is open from anywhere, but with username/password restriction. The following commands need to be changed:

ip http secure-server
no ip http server
access-list 8 permit a.b.c.d   <== your home IP
access-list 8 permit d.e.f.g   <== IP of the PIX outside so that you can access from inside the PIX
ip http access-class 8
username <yourusername> password <yourpasswd>
ip http authentication local

Disable telnet to the router:
 line vty 5 15
 transport input none
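
An added example, not part of lrmoore's answer: a Python check that reads saved router and PIX configuration text and reports management-access settings that differ from the ones the answer describes. The function names, the sample configs and their addresses are constructed, and treating a vty range with no explicit `transport input` as telnet-capable is an assumption about the IOS default.

```python
import re
# Constructed samples (documentation addresses, not values from the thread).
SAMPLE_IOS = """\
no ip http server
ip http secure-server
ip http access-class 8
ip http authentication local
access-list 8 permit 192.0.2.10
line vty 0 4
 login local
line vty 5 15
 transport input none
"""
SAMPLE_PIX = "http 192.0.2.10 255.255.255.255 outside\nssh 0.0.0.0 0.0.0.0 outside\n"

def audit_ios(cfg):
    """Findings for the router settings the answer changes."""
    cmds = [l.strip() for l in cfg.splitlines()]
    out = [f"missing: {c}" for c in ("no ip http server", "ip http secure-server",
                                     "ip http authentication local") if c not in cmds]
    acl = next((c.split()[-1] for c in cmds if c.startswith("ip http access-class ")), None)
    entries = [c for c in cmds if acl and c.startswith(f"access-list {acl} ")]
    if acl is None:
        out.append("missing: ip http access-class")
    elif not entries:
        out.append(f"access-list {acl} referenced but not defined")
    elif any(c.split()[2:4] == ["permit", "any"] for c in entries):
        out.append(f"access-list {acl} permits any source")
    # Walk vty blocks: indented lines belong to the preceding "line vty" header.
    vty, transport = None, {}
    for l in cfg.splitlines():
        if not l.startswith(" "):  # any top-level command ends the current block
            vty = l[9:].strip() if l.startswith("line vty ") else None
            if vty:
                transport[vty] = None
        elif vty and l.split()[:2] == ["transport", "input"]:
            transport[vty] = l.split()[2:]
    # Assumption: no explicit "transport input" means telnet is still accepted.
    out += [f"vty {r} may accept telnet" for r, t in transport.items()
            if t is None or {"telnet", "all"} & set(t)]
    return out

def audit_pix(cfg):
    """Flag PIX management commands whose netmask 0.0.0.0 admits every source."""
    hits = (re.fullmatch(r"(http|ssh|telnet) \S+ 0\.0\.0\.0 (\S+)", l.strip())
            for l in cfg.splitlines())
    return [f"{m.group(1)} on {m.group(2)} open to any source" for m in hits if m]
if __name__ == "__main__":
    print(audit_ios(SAMPLE_IOS) + audit_pix(SAMPLE_PIX))
```

On the constructed samples it reports the vty 0 4 range, which the sample leaves without a `transport input` line, and the PIX `ssh` entry that admits any source address.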




