If you are planning to do true out of band management, I would recommend
purchasing a Sentry Remote Power Commander and setting up a callback
number, plus some other form of authentication.
/m




"Gomes, Carlos" <[EMAIL PROTECTED]>
02/16/00 11:48 PM

 
        To:     "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
        cc:     [EMAIL PROTECTED], [EMAIL PROTECTED]
        Subject:        RE: PIX -reply



You can set up dialup to PIX, however...

Be aware that console access (whether via modem or via a serial cable
connection) to the PIX bypasses the "user" level password protection (i.e.,
once you connect you're given the user prompt and are ready to type "en" and
be queried for the enable level password).  This was the (unfortunate) case
for 4.1, 4.2 and appears to be the case for 4.3 through 5.0 code.  Given
this, one could potentially wardial the enable password as you don't get
disconnected after 3 errors (you're set back to the user level prompt and a
log entry is made if you enable logging).  So if you stick a modem on there
be prepared to review your logs and/or have a very, very long and difficult
to guess/remember password.

This is unlike the Cisco IOS where you establish login and password on the
"con" and are disconnected after 3 failures for the user level login.

I'd recommend using a modem with a built-in password (or some other
additional authentication method) to further ensure authorized only console
access via dialup.  Call me paranoid if you must.

ymmv,
C.G.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 17, 2000 8:22 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: PIX -reply
>
>
> Yes, very possible, it does work for out of band management.
> You need to configure a vty ..
>
> /mark
>
>
>
>
> [EMAIL PROTECTED]
> Sent by: [EMAIL PROTECTED]
> 02/16/00 10:32 AM
> Please respond to bbradd
>
>
>         To:     [EMAIL PROTECTED]
>         cc:
>         Subject:        PIX
>
>
> At present, I have a customer who wants to hang a modem off the console port
> of the PIX.  They know it is a bad idea but they want to avoid buying
> additional equipment.
>
> We have tried to dial into a test PIX using a modem and HyperTerm.
>
> So far no luck.
>
> We have received conflicting info from CISCO about whether or not this is
> possible.  We have ASA 5.0(3) installed.
>
> Any ideas.
>
> If it can't be done, we need to be able to prove it to the customer.
>
> Bill Bradd
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
> 

