Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Remote admin PIX (http://www.velocityreviews.com/forums/t32107-remote-admin-pix.html)

timo 02-10-2004 01:20 AM

Remote admin PIX
 
Hey

I have a number of PIX's that are in the field connected to cable
modems or DSL that are assigned DHCP addresses by the ISP. I
administer most of these from the main site over ssh. They all have
VPN to the main site. Most of em keep the DHCP address for long
periods of time, this is good. For a handful their address changes
every once in a while and this breaks my ssh until someone at the
remote site logs into PIX and issues a ca zero key and then a ca
gen rsa key ...

What other ways can I remotely config a PIX ?

How are you all managing your remote PIX's ??

Thanks Much

Timo

Walter Roberson 02-10-2004 01:32 AM

Re: Remote admin PIX
 
In article <5a033f8c.0402091720.6d442e17@posting.google.com >,
timo <timo@theglens.net> wrote:
:I have a number of PIX's that are in the field connected to cable
:modems or DSL that are assigned DHCP addresses by the ISP. I
:administer most of these from the main site over ssh. They all have
:VPN to the main site. Most of em keep the DHCP address for long
:periods of time, this is good. For a handful their address changes
:every once in a while

OK.

:and this breaks my ssh until someone at the
:remote site logs into PIX and issues a ca zero key and then a ca
:gen rsa key ...

That's not needed. Configure ca identity hostname
before you generate the key, and then as long as you don't change
the 'hostname' setting the key will be good.
--
I was very young in those days, but I was also rather dim.
-- Christopher Priest

timo 02-14-2004 03:46 PM

Re: Remote admin PIX
 
Hey

I cant seem to get the ca identity hostname to work...

When I enter it in like that I get incorrect number of parameters.
I tried a number of other varieties ...
ca ident MYPIXHOST hostname (no explicit error , but spits cmd usage
so I think its wrong).
ca ident pix.domainname.com host (no explicit error , but spits cmd
usage so I think its wrong).

and a bunch of other combos .... I tried this with and without an rsa
key. The PIX docu says ca identity ca_nickname [ca_ipaddress|
hostname [:ca_script_location] [ldap_ip address| hostname]]

Any idea whats going on here ? Thanks Much!

Timo



roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in message news:<c09cbf$1j9$1@canopus.cc.umanitoba.ca>...
> In article <5a033f8c.0402091720.6d442e17@posting.google.com >,
> timo <timo@theglens.net> wrote:
> :I have a number of PIX's that are in the field connected to cable
> :modems or DSL that are assigned DHCP addresses by the ISP. I
> :administer most of these from the main site over ssh. They all have
> :VPN to the main site. Most of em keep the DHCP address for long
> :periods of time, this is good. For a handful their address changes
> :every once in a while
>
> OK.
>
> :and this breaks my ssh until someone at the
> :remote site logs into PIX and issues a ca zero key and then a ca
> :gen rsa key ...
>
> That's not needed. Configure ca identity hostname
> before you generate the key, and then as long as you don't change
> the 'hostname' setting the key will be good.



All times are GMT. The time now is 12:11 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.