Kenny, ...Never had working on a PIX that didn't have any Encryption installed, I wouldn't know if it is absolutely true that you have to have it just to use the GUI, but if the requirements are such, then you need to go onto Cisco's website and apply for the free DES license key.
After that, if you want to connect to a remote PIX using the GUI, you will need to follow the cook-book solution Cisco has posted on CCO for establishing a VPN tunnel between the two PIXen in question, and then you can use the GUI to remotely manage the other PIX. Your best bet is to just forget about the GUI for now, and set up SSH on each PIX, and connect using that. Learn the CLI well, and then use the GUI for all it really is good for- Monitoring functions. My biggest pet peeve is that the GUI does not support ALIAS commands in your PIX config... as well as a few other items like the such that are more advanced. For the time setting, just set the clock using the following syntax: Usage: clock set { | } clock summer-time recurring [ ] [] clock summer-time date { | } { | } [] no clock summer-time clock timezone [] no clock timezone show clock [detail] Hope that helps. Mark -----Original Message----- From: Kenny Smith [mailto:fwdog@;hotmail.com] Sent: Wednesday, October 30, 2002 12:04 AM To: [EMAIL PROTECTED] Subject: RE: how to telnet to other FROM PIX? [7:56435] Hi.. Thanks for your information. I think I didn't fullfil the following two requirements in order to connect to the PIX via GUI. e. The PIX Firewall clock is set to UTC. To determine if the PIX Firewall clock is set to UTC, enter the show clock command and check the output. singpix01(config)# sh clock 06:54:07 Oct 30 2002 May I know how to set clock to UTC, I found that I can't set the timezone. Why we need to set the clock to UTC in order to connect PIX via GUI? f. You have the activation key to use DES or above. I don't have it as shown below. Do I need to buy ? singpix01(config)# sh ver Cisco Secure PIX Firewall Version 6.0(1) PIX Device Manager Version 1.0(1) Compiled on Thu 17-May-01 20:05 by morlee singpix01 up 9 days 22 hours Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz Flash i28F640J5 @ 0x300, 16MB BIOS Flash AT29C257 @ 0xfffd8000, 32KB 0: ethernet0: address is 0003.6bf6.e752, irq 11 1: ethernet1: address is 0003.6bf6.e753, irq 10 2: ethernet2: address is 00e0.b603.4830, irq 9 3: ethernet3: address is 00e0.b603.482f, irq 9 4: ethernet4: address is 00e0.b603.482e, irq 9 5: ethernet5: address is 00e0.b603.482d, irq 9 Licensed Features: Failover: Enabled VPN-DES: Disabled VPN-3DES: Disabled Maximum Interfaces: 6 Cut-through Proxy: Enabled Guards: Enabled Websense: Enabled Throughput: Unlimited ISAKMP peers: Unlimited Serial Number: XXXXXXXX (XXXXXXX) Activation Key: XXXXXXXXXXXXXXXXX >From: "Ritchie, Brian" >Reply-To: "Ritchie, Brian" >To: [EMAIL PROTECTED] >Subject: RE: how to telnet to other FROM PIX? [7:56435] >Date: Tue, 29 Oct 2002 09:54:03 GMT > >The PIX does not support telnet in the same way that a router or switch >does, you can telnet to the PIX but you cannot telnet from it to other >hosts. > >To manage the PIX using a web browser you use HTTPS not HTTP, so the 'url' >would be https://PIX_IP_Address. This will allow you to browse to it >assuming all other configuration tasks have been completed. If you are >still >having problems visit >http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/pdm_in /impr >ove.htm#xtocid1 for more help. > >Hope this helps, Brian > > >-----Original Message----- >From: Kenny Smith [mailto:fwdog@;hotmail.com] >Sent: 29 October 2002 06:56 >To: [EMAIL PROTECTED] >Subject: how to telnet to other FROM PIX? [7:56435] > > >Hi.. May I know how to telnet to other hosts FROM the PIX firewall, when I >type the following, it gives me no available command > >singpix01# telnet 10.100.100.49 >Type help or '?' for a list of available commands. > >Besides, can I manage the PIX with the web interface by point my web >browser > >to the following. http://PIX_IP_ADDRESS. But it doesn't work > >I thought below is the necessary confi, and 10.100.100.199 is my >workstation > >IP > >http server enable >http 10.100.100.199 255.255.255.255 inside > > >_________________________________________________________________ >Surf the Web without missing calls! Get MSN Broadband. >http://resourcecenter.msn.com/access/plans/freeactivation.asp >This e-mail and any files transmitted with it are intended solely for the >addressee and are confidential. They may also be legally privileged. >Copyright in them is reserved by Delphis Consulting PLC ["Delphis"] and >they must not be disclosed to, or used by, anyone other than the addressee. > >If you have received this e-mail and any accompanying files in error, you >may not copy, publish or use them in any way and you should delete them >from your system and notify us immediately. > >E-mails are not secure. Delphis does not accept responsibility for changes >to e-mails that occur after they have been sent. > >Any opinions expressed in this e-mail may be personal to the author >and may not necessarily reflect the opinions of Delphis. _________________________________________________________________ Unlimited Internet access -- and 2 months free! Try MSN. http://resourcecenter.msn.com/access/plans/2monthsfree.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56508&t=56435 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]