Securely Administering Cisco 1841 Router & Cisco Pix 506E Firewall Remotely

Posted on 2006-06-25
Last Modified: 2012-05-05
I need someone to provide me with detailed, step-by-step, idiot-proof instructions on how I should set up remote administration on both a Cisco 1841 Router & a Cisco 506E Pix Firewall.  

Should I somehow enable secure telnet sessions and/or user name and passwords?

Is there a way that both of these devices can be administered remotely via HTTPS:// and logging in?  

Or perhaps the only real way to administer them would be to establish a VPN connection to the network and then telnetting in clear text?

Please help.  I'm not very familiar with Cisco devices or IOS yet.

Thanks!
0
Question by:taki1gostek
2 Comments
 
LVL 6

Expert Comment

by:Booda2us
ID: 16980254
Hello taki1gostek, here is a link to answer all of your Cisco questions:
http://www.cisco.com/public/support/tac/documentation.html
I believe it would be a quicker solution than bouncing Q's & A's back and forth. Since I don't have insight into what your Network goals and options are, that site is chock full of info you can access. If you need more, feel free to post back and I will do my best to solve any problems....Hope this helps out...Booda2us
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 16980345
Good news is that both the 1841 and the PIX can use HTTPS to administer.

You can restrict access to this secure web interface by using access-class on the router and http lists on the PIX.

On the PIX, the following commands allow specified hosts access to the web gui:
where "a.b.c.d" is your home IP address
 http a.b.c.d 255.255.255.255 outside

That's it!
If you want a failsafe ssh access from anywhere (like Laptop Lane at the airport, or a WiFi hotspot somewhere):
 ssh 0.0.0.0 0.0.0.0 outside  <== access ssh from anywhere

On the 1841, by default HTTP access is open from anywhere, but with username/password restriction. The following commands need to be changed:

ip http secure-server
no ip http server
access-list 8 permit a.b.c.d   <== your home IP
access-list 8 permit d.e.f.g   <== IP of the PIX outside so that you can access from inside the PIX
ip http access-class 8
username <yourusername> password <yourpasswd>
ip http authentication local

Disable telnet to the router:
 line vty 5 15
 transport input none





0
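An added example, not part of lrmoore's answer: a Python check that reads saved `show running-config` text and reports whether the management-plane settings named in the accepted solution are actually in place on the router, and whether any PIX management permit line matches every source address. The function names and sample configs (documentation addresses) are constructed for illustration, and it assumes sub-commands are indented one space, as in IOS output.

```python
import re
from itertools import takewhile
# Constructed sample configs (documentation addresses, not from the page).
SAMPLE_IOS = """\
ip http secure-server
no ip http server
access-list 8 permit 192.0.2.10
access-list 8 permit 198.51.100.1
ip http access-class 8
ip http authentication local
line vty 0 4
 login local
line vty 5 15
 transport input none
"""
SAMPLE_PIX = """\
http 192.0.2.10 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
"""

def audit_ios_mgmt(config):
    """Findings for the router settings named in the answer (HTTPS, ACL, vty)."""
    lines = config.splitlines()
    cmds = [l.strip() for l in lines]
    findings = []
    if "ip http secure-server" not in cmds:
        findings.append("HTTPS server not enabled")
    if "no ip http server" not in cmds:
        findings.append("plain HTTP server not disabled")
    acl = next((c.split()[-1] for c in cmds if c.startswith("ip http access-class ")), None)
    if acl is None:
        findings.append("no access-class on the HTTP(S) server")
    elif not any(c.startswith(f"access-list {acl} permit ") for c in cmds):
        findings.append(f"access-list {acl} has no permit entries")
    # Each 'line vty' block owns the indented lines directly below it.
    for i, line in enumerate(lines):
        if line.startswith("line vty "):
            block = [s.strip() for s in takewhile(lambda s: s.startswith(" "), lines[i + 1:])]
            transport = [b for b in block if b.startswith("transport input")]
            if not transport:
                findings.append(f"{line}: no explicit transport input, telnet may be allowed")
            elif re.search(r"\b(telnet|all)\b", transport[-1]):
                findings.append(f"{line}: telnet permitted")
    return findings

def audit_pix_mgmt(config):
    """Return PIX http/ssh/telnet permit lines that match any source address."""
    return [l.strip() for l in config.splitlines()
            if re.match(r"\s*(http|ssh|telnet) 0\.0\.0\.0 0\.0\.0\.0 \S+", l)]
```

On the constructed router sample, the only finding is the `line vty 0 4` block, which carries no `transport input` statement of its own.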
