Securely Administering Cisco 1841 Router & Cisco Pix 506E Firewall Remotely

I need someone to provide me with detailed, step-by-step, idiot-proof instructions on how I should set up remote administration on both a Cisco 1841 Router & a Cisco 506E Pix Firewall.  

Should I somehow enable secure telnet sessions and/or user name and passwords?

Is there a way that both of these devices can be administered remotely via HTTPS:// and logging in?  

Or perhaps the only real way to administer them would be to establish a VPN connection to the network and then telnetting in clear text?

Please help.  I'm not very familiar with Cisco devices or IOS yet.

Thanks!
taki1gostek Asked:
lrmoore Commented:
Good news is that both the 1841 and the PIX can use HTTPS to administer.

You can restrict access to this secure web interface by using access-class on the router and http lists on the PIX.

On the PIX, the following commands allow specified hosts access to the web gui:
where "a.b.c.d" is your home IP address
 http a.b.c.d 255.255.255.255 outside

That's it!
If you want a failsafe ssh access from anywhere (like Laptop Lane at the airport, or a WiFi hotspot somewhere):
 ssh 0.0.0.0 0.0.0.0 outside  <== access ssh from anywhere

On the 1841, by default HTTP access is open from anywhere, but with username/password restriction. The following commands need to be changed:

ip http secure-server
no ip http server
access-list 8 permit a.b.c.d   <== your home IP
access-list 8 permit d.e.f.g   <== IP of the PIX outside so that you can access from inside the PIX
ip http access-class 8
username <yourusername> password <yourpasswd>
ip http authentication local

Disable telnet to the router:
 line vty 5 15
 transport input none





0
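An added example, not part of lrmoore's answer and not Cisco tooling: a small Python check that reads a saved running-config and reports where the HTTPS and vty settings from the answer above are missing. The sample config, its addresses and the function names are constructed for illustration, and a vty block with no `transport input` line is assumed to accept telnet (the older IOS default).

```python
import re

# Constructed sample: the answer's 1841 settings as a running-config excerpt.
SAMPLE_CONFIG = """\
ip http secure-server
no ip http server
ip http access-class 8
ip http authentication local
access-list 8 permit 192.0.2.10
access-list 8 permit 198.51.100.1
line vty 0 4
 login local
line vty 5 15
 transport input none
"""

def vty_telnet_ranges(config):
    """Return the (first, last) vty ranges that still accept telnet."""
    blocks, current = [], None
    for raw in config.splitlines():
        head = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        proto = re.match(r"\s+transport input (.+)$", raw)
        if head:
            span = (int(head.group(1)), int(head.group(2) or head.group(1)))
            current = {"range": span, "transport": None}
            blocks.append(current)
        elif proto and current is not None:
            current["transport"] = set(proto.group(1).split())
        elif not raw.startswith(" "):
            current = None  # an unindented line ends the vty block
    # Assumption: no "transport input" line means the old default, all protocols.
    return [b["range"] for b in blocks
            if b["transport"] is None or b["transport"] & {"telnet", "all"}]

def audit(config):
    """Return findings for the HTTPS and vty settings the answer configures."""
    cmds = {line.strip() for line in config.splitlines()}
    findings = [msg for cmd, msg in [
        ("ip http secure-server", "HTTPS server is not enabled"),
        ("no ip http server", "plain HTTP server is not disabled"),
        ("ip http authentication local", "HTTP logins do not use local users"),
    ] if cmd not in cmds]
    acl = re.search(r"^ip http access-class (\d+)\s*$", config, re.M)
    entries = re.findall(rf"^access-list {acl.group(1)} permit (\S+)", config, re.M) if acl else []
    if not entries or "any" in entries:
        findings.append("HTTPS access list is missing or permits any source")
    findings += [f"vty {a}-{b} still accepts telnet" for a, b in vty_telnet_ranges(config)]
    return findings
```

Run against the sample, `audit(SAMPLE_CONFIG)` reports only vty 0-4, because `line vty 5 15` does not cover the first five vty lines.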
 
Booda2us Commented:
Hello taki1gostek, here is a link to answer all of your Cisco questions:
http://www.cisco.com/public/support/tac/documentation.html
I believe it would be a quicker solution than bouncing Q's & A's back and forth. Since I don't have insight into what your Network goals and options are, that site is chock full of info you can access. If you need more feel free to post back and I will do my best to solve any problems....Hope this helps out...Booda2us
0
Question has a verified solution.
