|
Remote admin PIX
Hey
I have a number of PIX's that are in the field connected to cable modems or DSL that are assigned DHCP addresses by the ISP. I administer most of these from the main site over ssh. They all have VPN to the main site. Most of em keep the DHCP address for long periods of time, this is good. For a handful their address changes every once in a while and this breaks my ssh until someone at the remote site logs into PIX and issues a ca zero key and then a ca gen rsa key ... What other ways can I remotely config a PIX ? How are you all managing your remote PIX's ?? Thanks Much Timo |
Re: Remote admin PIX
In article <5a033f8c.0402091720.6d442e17@posting.google.com >,
timo <timo@theglens.net> wrote: :I have a number of PIX's that are in the field connected to cable :modems or DSL that are assigned DHCP addresses by the ISP. I :administer most of these from the main site over ssh. They all have :VPN to the main site. Most of em keep the DHCP address for long :periods of time, this is good. For a handful their address changes :every once in a while OK. :and this breaks my ssh until someone at the :remote site logs into PIX and issues a ca zero key and then a ca :gen rsa key ... That's not needed. Configure ca identity hostname before you generate the key, and then as long as you don't change the 'hostname' setting the key will be good. -- I was very young in those days, but I was also rather dim. -- Christopher Priest |
Re: Remote admin PIX
Hey
I cant seem to get the ca identity hostname to work... When I enter it in like that I get incorrect number of parameters. I tried a number of other varieties ... ca ident MYPIXHOST hostname (no explicit error , but spits cmd usage so I think its wrong). ca ident pix.domainname.com host (no explicit error , but spits cmd usage so I think its wrong). and a bunch of other combos .... I tried this with and without an rsa key. The PIX docu says ca identity ca_nickname [ca_ipaddress| hostname [:ca_script_location] [ldap_ip address| hostname]] Any idea whats going on here ? Thanks Much! Timo roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote in message news:<c09cbf$1j9$1@canopus.cc.umanitoba.ca>... > In article <5a033f8c.0402091720.6d442e17@posting.google.com >, > timo <timo@theglens.net> wrote: > :I have a number of PIX's that are in the field connected to cable > :modems or DSL that are assigned DHCP addresses by the ISP. I > :administer most of these from the main site over ssh. They all have > :VPN to the main site. Most of em keep the DHCP address for long > :periods of time, this is good. For a handful their address changes > :every once in a while > > OK. > > :and this breaks my ssh until someone at the > :remote site logs into PIX and issues a ca zero key and then a ca > :gen rsa key ... > > That's not needed. Configure ca identity hostname > before you generate the key, and then as long as you don't change > the 'hostname' setting the key will be good. |
| All times are GMT. The time now is 10:00 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.