Kenny,
...Never had working on a PIX that didn't have any Encryption installed,
I wouldn't know if it is absolutely true that you have to have it just
to use the GUI, but if the requirements are such, then you need to go
onto Cisco's website and apply for the free DES license key.
After that, if you want to connect to a remote PIX using the GUI, you
will need to follow the cook-book solution Cisco has posted on CCO for
establishing a VPN tunnel between the two PIXen in question, and then
you can use the GUI to remotely manage the other PIX. Your best bet is
to just forget about the GUI for now, and set up SSH on each PIX, and
connect using that. Learn the CLI well, and then use the GUI for all it
really is good for- Monitoring functions.
My biggest pet peeve is that the GUI does not support ALIAS commands in
your PIX config... as well as a few other items like the such that are
more advanced.
For the time setting, just set the clock using the following syntax:
Usage: clock set { | }
clock summer-time recurring [
] []
clock summer-time date { | }
{ | }
[]
no clock summer-time
clock timezone []
no clock timezone
show clock [detail]
Hope that helps.
Mark
-----Original Message-----
From: Kenny Smith [mailto:fwdog@;hotmail.com]
Sent: Wednesday, October 30, 2002 12:04 AM
To: [EMAIL PROTECTED]
Subject: RE: how to telnet to other FROM PIX? [7:56435]
Hi.. Thanks for your information. I think I didn't fullfil the
following
two requirements in order to connect to the PIX via GUI.
e. The PIX Firewall clock is set to UTC. To determine if the PIX
Firewall
clock is set to UTC, enter the show clock command and check the output.
singpix01(config)# sh clock
06:54:07 Oct 30 2002
May I know how to set clock to UTC, I found that I can't set the
timezone.
Why we need to set the clock to UTC in order to connect PIX via GUI?
f. You have the activation key to use DES or above.
I don't have it as shown below. Do I need to buy ?
singpix01(config)# sh ver
Cisco Secure PIX Firewall Version 6.0(1)
PIX Device Manager Version 1.0(1)
Compiled on Thu 17-May-01 20:05 by morlee
singpix01 up 9 days 22 hours
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0003.6bf6.e752, irq 11
1: ethernet1: address is 0003.6bf6.e753, irq 10
2: ethernet2: address is 00e0.b603.4830, irq 9
3: ethernet3: address is 00e0.b603.482f, irq 9
4: ethernet4: address is 00e0.b603.482e, irq 9
5: ethernet5: address is 00e0.b603.482d, irq 9
Licensed Features:
Failover: Enabled
VPN-DES: Disabled
VPN-3DES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
Serial Number: XXXXXXXX (XXXXXXX)
Activation Key: XXXXXXXXXXXXXXXXX
>From: "Ritchie, Brian"
>Reply-To: "Ritchie, Brian"
>To: [EMAIL PROTECTED]
>Subject: RE: how to telnet to other FROM PIX? [7:56435]
>Date: Tue, 29 Oct 2002 09:54:03 GMT
>
>The PIX does not support telnet in the same way that a router or switch
>does, you can telnet to the PIX but you cannot telnet from it to other
>hosts.
>
>To manage the PIX using a web browser you use HTTPS not HTTP, so the
'url'
>would be https://PIX_IP_Address. This will allow you to browse to it
>assuming all other configuration tasks have been completed. If you are
>still
>having problems visit
>http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/pdm_in
/impr
>ove.htm#xtocid1 for more help.
>
>Hope this helps, Brian
>
>
>-----Original Message-----
>From: Kenny Smith [mailto:fwdog@;hotmail.com]
>Sent: 29 October 2002 06:56
>To: [EMAIL PROTECTED]
>Subject: how to telnet to other FROM PIX? [7:56435]
>
>
>Hi.. May I know how to telnet to other hosts FROM the PIX firewall,
when I
>type the following, it gives me no available command
>
>singpix01# telnet 10.100.100.49
>Type help or '?' for a list of available commands.
>
>Besides, can I manage the PIX with the web interface by point my web
>browser
>
>to the following. http://PIX_IP_ADDRESS. But it doesn't work
>
>I thought below is the necessary confi, and 10.100.100.199 is my
>workstation
>
>IP
>
>http server enable
>http 10.100.100.199 255.255.255.255 inside
>
>
>_________________________________________________________________
>Surf the Web without missing calls! Get MSN Broadband.
>http://resourcecenter.msn.com/access/plans/freeactivation.asp
>This e-mail and any files transmitted with it are intended solely for
the
>addressee and are confidential. They may also be legally privileged.
>Copyright in them is reserved by Delphis Consulting PLC ["Delphis"] and
>they must not be disclosed to, or used by, anyone other than the
addressee.
>
>If you have received this e-mail and any accompanying files in error,
you
>may not copy, publish or use them in any way and you should delete them
>from your system and notify us immediately.
>
>E-mails are not secure. Delphis does not accept responsibility for
changes
>to e-mails that occur after they have been sent.
>
>Any opinions expressed in this e-mail may be personal to the author
>and may not necessarily reflect the opinions of Delphis.
_________________________________________________________________
Unlimited Internet access -- and 2 months free! Try MSN.
http://resourcecenter.msn.com/access/plans/2monthsfree.asp
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56508&t=56435
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
