Solved

Securely Administering Cisco 1841 Router & Cisco Pix 506E Firewall Remotely

Posted on 2006-06-25
Last Modified: 2012-05-05
I need someone to provide me with detailed, step-by-step, idiot-proof instructions on how I should set up remote administration on both a Cisco 1841 Router & a Cisco 506E Pix Firewall.  

Should I somehow enable secure telnet sessions and/or user name and passwords?

Is there a way that both of these devices can be administered remotely via HTTPS:// and logging in?  

Or perhaps the only real way to administer them would be to establish a VPN connection to the network and then telnetting in clear text?

Please help.  I'm not very familiar with Cisco devices or IOS yet.

Thanks!
Question by:taki1gostek
2 Comments
 
LVL 6

Expert Comment

by:Booda2us
ID: 16980254
Hello taki1gostek, here is a link to answer all of your Cisco questions:
http://www.cisco.com/public/support/tac/documentation.html
I believe it would be a quicker solution than bouncing Q's & A's back and forth. Since I don't have insight into what your network goals and options are, that site is chock full of info you can access. If you need more, feel free to post back and I will do my best to solve any problems....Hope this helps out...Booda2us
 
LVL 79

Accepted Solution

by: lrmoore earned 500 total points
ID: 16980345
Good news is that both the 1841 and the PIX can use HTTPS to administer.

You can restrict access to this secure web interface by using access-class on the router and http lists on the PIX.

On the PIX, the following commands allow specified hosts access to the web GUI, where "a.b.c.d" is your home IP address:
 http a.b.c.d 255.255.255.255 outside

That's it!
If you want a failsafe ssh access from anywhere (like Laptop Lane at the airport, or a WiFi hotspot somewhere):
 ssh 0.0.0.0 0.0.0.0 outside  <== access ssh from anywhere

On the 1841, by default HTTP access is open from anywhere, but with username/password restriction. The following commands need to be changed:

ip http secure-server
no ip http server
access-list 8 permit a.b.c.d   <== your home IP
access-list 8 permit d.e.f.g   <== IP of the PIX outside so that you can access from inside the PIX
ip http access-class 8
username <yourusername> password <yourpasswd>
ip http authentication local

Disable telnet to the router:
 line vty 5 15
 transport input none





0
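An added example (not part of lrmoore's answer and not Cisco tooling): a small Python check that reads a saved IOS running-config and reports whether the HTTPS-only and Telnet-off settings from the accepted solution are in effect, including on every vty range rather than only the one that was edited. The sample config and its 192.0.2.x/198.51.100.x addresses are constructed, and the script assumes a vty block with no `transport input` line still accepts Telnet.

```python
# Constructed sample running-config (documentation addresses, not from the post).
SAMPLE = """\
no ip http server
ip http secure-server
ip http access-class 8
ip http authentication local
access-list 8 permit 192.0.2.10
access-list 8 permit 198.51.100.1
line con 0
line vty 0 4
 login local
line vty 5 15
 transport input none
"""

def audit(config):
    """Return a list of findings for an IOS-style config given as text."""
    lines = [l.rstrip() for l in config.splitlines()]
    top = {l for l in lines if l and not l.startswith(" ")}
    findings = []
    if "no ip http server" not in top:
        findings.append("cleartext HTTP server not disabled")
    if "ip http secure-server" not in top:
        findings.append("HTTPS server not enabled")
    if "ip http authentication local" not in top:
        findings.append("HTTP authentication is not 'local'")
    acl = next((l.split()[-1] for l in top if l.startswith("ip http access-class ")), None)
    if acl is None:
        findings.append("no access-class bound to the HTTP(S) server")
    elif not any(l.startswith(f"access-list {acl} permit ") for l in top):
        findings.append(f"access-class {acl} has no permit entries")
    # Walk each 'line vty' block and collect its indented sub-commands.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l if l.startswith("line vty ") else None
            if current:
                blocks[current] = []
        elif current and l.startswith(" "):
            blocks[current].append(l.strip())
        elif not l.startswith(" "):
            current = None
    for name, cmds in blocks.items():
        t = [c for c in cmds if c.startswith("transport input ")]
        # Assumption: with no 'transport input' line, Telnet is accepted.
        if not t or {"telnet", "all"} & set(t[-1].split()):
            findings.append(f"{name}: Telnet still accepted")
    return findings
```

On the constructed sample, the only finding is `line vty 0 4`, which shows why a Telnet restriction applied to one vty range should be verified against every range present in the config.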
