Tony,

Please see: http://www.cisco.com/warp/public/707/ssh.shtml#ver

Liberty for All,

Brian

At 04:12 PM 11/12/2001 -0500, Tony Carter wrote:
>Brian,
>Can you please clarify the statement you made below. I understood that
>anything less than SSH v2.0 should not be used.
>With the recent issues with ssh, it may be a sitting target.
>
>re:
>"Cisco currently has no plans for v2.0 or later (it offers no advantage for
>Telnet access)"
>
>-Tony
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Brian Ford
>Sent: Thursday, November 08, 2001 8:42 AM
>To: Harry Whitehouse
>Cc: [EMAIL PROTECTED]
>Subject: Re: Configuring PIX via TCP/IP Connection?
>
>
>Harry,
>
>Ahh, serial connectivity. Do you have a 2509 or a 2511 access server with
>an octopus cable? You can Telnet to the access server and then gain
>console access via serial cable to a locally attached device (PIX, router,
>switch, etc...).
>
>You have a number of options for configuring the PIX over the (TCP/IP)
>network. All assume that the PIX can be configured in advance.
>
>As Jay pointed out you can configure Telnet to the PIX. Permitting Telnet
>access to the PIX is only allowed from the inside interface. Any sessions
>that attempt to initiate from the outside interface must be IPsec. If they
>are not IPsec, they are rejected (they can be configured but just don't
>work, ugh). You can define a range of addresses from the inside network
>from which Telnet is allowed. That is configurable with a net mask so you
>can narrow it to a range or an individual IP address.
>
>You can configure the PIX to accept a Telnet session over the outside
>(actually any) interface using IPsec. You have a range of control over the
>IP addresses that will be accepted from. I'd suggest using a different
>IPsec configuration for remote management as opposed to site to site
>connectivity (pre-shared and DES is good).
>
>You can configure SSH (Telnet) access to the PIX. The PIX supports SSH
>v1.5 implementations. Cisco currently has no plans for v2.0 or later (it
>offers no advantage for Telnet access).
>
>PIX Device Manager (PDM) GUI uses SSL when connecting to the PIX. PDM is a
>v6.0 add-on (a separate file from the PIX OS). You can use this from the
>inside or the outside interface. The IPsec session is still a requirement
>for outside access. I use PDM to manage a number of PIXen. I created a
>web page on my management station that allows me to browse to any one of
>the PIX. Be careful though, I have found that some PCs cannot handle
>running multiple SSL sessions well (more memory?).
>
>In order to log Telnet management access to the PIX you'll probably want to
>configure Syslog for either notifications (Syslog level 5) or informational
>(Syslog level 6) or better.
>
>In v5.3 you have Telnet, SSH and IPsec options.
>
>In v6.0 (and later) the PIX OS implemented the "setup" feature. If the PIX
>starts and finds no configuration it will ask the console if the admin
>wants to run through a setup dialogue. The setup dialogue works in
>conjunction with PDM, and sets the PIX up to allow PDM access from the
>inside.
>
>In v6.1 the PIX 501 does come with "plug and play" configuration. That
>pre-configures the PIX to expect a DHCP server on the outside interface
>(PIX DHCP client) and act as a DHCP server to a pool of 256 inside IP
>addresses. You can order that same configuration on any new PIX but it is
>standard on the 501.
>
>Liberty for All,
>
>Brian
>
>
>At 09:08 PM 11/7/2001 -0800, "Harry Whitehouse" <[EMAIL PROTECTED]> wrote:
> >From: "Harry Whitehouse" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Subject: Configuring PIX via TCP/IP Connection?
> >Date: Thu, 1 Nov 2001 12:52:09 -0800
> >
> >Hello All!
> >
> >I've pretty much got the PIX configuration process down using a serial
> >cable, but in reading the manual it seems to suggest that I could issue the
> >same configuration commands via an internet or intranet connection. Now
> >that I have several PIX's and only one serial cable, I'm looking for some
> >alternatives <g>.
> >
> >So, can one really configure via TCP/IP? If so, how do I go about it? Does
> >one use Telnet? Do you work from the inside or outside of the PIX (network
> >wise). What address/port do you connect to?
> >
> >I'm running 5.3 OS on my boxes. I've heard that 6.0 might have a better
> >configuration interface. Can anyone confirm that?
> >
> >TIA
> >
> >Harry
>
>_______________________________________________
>Firewalls mailing list
>[EMAIL PROTECTED]
>http://lists.gnac.net/mailman/listinfo/firewalls
