Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Securely Administering Cisco 1841 Router & Cisco Pix 506E Firewall Remotely

Posted on 2006-06-25
2
877 Views
Last Modified: 2012-05-05
I need someone to provide me with detailed, step-by-step, idiot-proof instructions on how I should set up remote administration on both a Cisco 1841 Router & a Cisco 506E Pix Firewall.  

SHould I somehow enable secure telnet sessions and/or user name and passwords?

Is there a way that both of these devices can be administered remotely via HTTPS:// and logging in?  

Or perhaps the only real way to administer them would be to establish a VPN connection to the network and then telnetting in clear text?

Please help.  I'm not very familiar with Cisco devices or IOS yet.

Thanks!
0
Comment
Question by:taki1gostek
2 Comments
 
LVL 6

Expert Comment

by:Booda2us
ID: 16980254
Hello taki1gostek, here is a link to answer all of your Cisco questions:
http://www.cisco.com/public/support/tac/documentation.html
I beleive it would a quicker solution than bouncing Q's & A's back and forth. Since I don't have insight into what your Network goals and options are, that site is chock full of info you can access . If you need more feel free to post back and I will do my best to solve any problems....Hope this helps out...Booda2us
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 16980345
Good news is that both the 1841 and the PIX can use HTTPS to administer.

You can restrict access to this secure web interface by using access-class on the router and http lists on the PIX.

On the PIX, the following commands allow specified hosts access to the web gui:
where "a.b.c.d" is your home IP address
 http a.b.c.d 255.255.255.255 outside

That's it!
If you want a failsafe ssh access from anywhere (like Laptop Lane at the airport, or a WiFi hotspot somewhere):
 ssh 0.0.0.0 0.0.0.0 outside  <== access ssh from anywhere

On the 1841, by default HTTP access is open from anywhere, but with username/password restriction. The following commands need to be changed:

ip http secure-server
no ip http server
access-list 8 permit a.b.c.d   <== your home IP
access-list 8 permit d.e.f.g   <== IP of the PIX outside so that you can access from inside the PIX
ip http access-class 8
username <yourusername> password <yourpasswd>
ip http authentication local

Disable telnet to the router:
 line vty 5 15
 transport input none





0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

    Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question