Cisco - управление cisco <Cisco PIX 515 Firewall>

Tonny_Bennet · Конфигурация компьютера

У CISCO есть такая приблуда называется Cisco Network Assistant. Может подключаться к железкам и в довольно простом виде всё настраивать. Есть некоторое описание и мануал http://www.cisco.com/en/US/docs/net_.../OL12210a.html

Скачать его можно бесплатно с сайта cisco

P.S. как цисковод цисководу советую осваивать консоль

zonderz · Отправлено: **00:12, 22-06-2010** | #3

Цитата oren_yastreb:

Может подскажете графическое средство для управление это железкой »

cisco pix device manager
http://www.cisco.com/en/US/products/..._selector.html

Цитата oren_yastreb:

3398(rdp) »

по умолчанию порт другой

oren_yastreb · Отправлено: **06:26, 22-06-2010** | #4

по поводу Cisco Network Assistant.

Неподскажите почему именно к Cisco PIX 515 Firewall она не подкючается. К этажным свичам cisco подключается.
Может надо чтото включить на Cisco PIX 515 Firewall, потомучто пинг идет а подключениея нет

menpavel · Отправлено: **06:42, 22-06-2010** | #5

http://www.cisco.com/en/US/docs/net_...sh/gsg_en.html

oren_yastreb · Отправлено: **06:46, 22-06-2010** | #6

на нем может можно включить управление через web интерфейс. пинг то идет к нему

menpavel · Отправлено: **12:33, 22-06-2010** | #7

выкладывай конфиг циски!

enable
sh running-config

Цитата oren_yastreb:

Пробовал через консоль,ничего не получтлось.»

имеется ввиду голубеньким консольным проводом?
Попробуй еще по SSH подключиться. PS: для SSH под винду есть отличный клиент putty называется.

kim-aa · Конфигурация компьютера

Цитата oren_yastreb:

по поводу Cisco Network Assistant.
Неподскажите почему именно к Cisco PIX 515 Firewall она не подкючается. К этажным свичам cisco подключается. »

Вероятнее всего доступ закрыт на самом Pix по 22 порту

Выход один - подключится консольным кабелем

Цитата oren_yastreb:

Пробовал через консоль,ничего не получтлось. Пробовал через http до него достучаться, тоже нет. Главное пингуется.
Может подскажете графическое средство для управление это железкой Или какими командами открыть порт 3398 протокол rpd »

"Графические средства" используют те же самые порты, что и ssh + hhtps.

У вас пароль от Pix'а есть или нет?

menpavel · Отправлено: **02:47, 23-06-2010** | #9

Может быть настроен вход только с определенных IP? В принципе из-за малой информативности предыдущих сообщений - вполне может быть. В любом случае, если устройство исправно - можно подключиться консольным проводом.

oren_yastreb · Отправлено: **14:18, 23-06-2010** | #10

: Saved
: Written by enable_15 at 17:50:50.662 UTC Sat Jan 23 2010
!
PIX Version 7.0(8)
!
hostname pixfirewall
domain-name cisco.com

!
interface Ethernet0
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface Ethernet0.1
vlan 2
nameif inside
security-level 100
ip address xxxxxxx xxxxxxx
!
interface Ethernet0.2
vlan 4
nameif DMZ
security-level 50
ip address xxxxxxx
!
interface Ethernet0.3
vlan 5
nameif outside
security-level 0
ip address xxxxxxx xxxxxxx
!
interface Ethernet1
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface Ethernet2
speed 100
duplex full
no nameif
no security-level
no ip address
!
boot system flash:/image.bin
ftp mode passive
access-list no_nat extended permit ip host xxxxxxx any
access-list no_nat extended permit icmp host xxxxxxx any
access-list in_acl extended permit tcp host xxxxxxx host xxxxxxx eq smtp
access-list in_acl extended permit tcp xxxxxxx xxxxxxx host xxxxxxx eq 8080
access-list in_acl extended permit udp host xxxxxxx any eq domain
access-list in_acl extended permit ip host xxxxxxx host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.243 host xxxxxxx
access-list in_acl extended permit tcp host 192.168.0.19 any eq smtp
access-list in_acl extended permit tcp host 192.168.0.19 any eq pop3
access-list in_acl extended permit tcp host xxxxxxx any eq smtp
access-list in_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list in_acl extended permit icmp host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit tcp xxxxxxx xxxxxxx host xxxxxxx eq www
access-list in_acl extended permit ip host 192.168.0.200 host 80.253.4.7
access-list in_acl extended permit ip host 192.168.0.200 host 80.253.4.6
access-list in_acl extended permit tcp host 192.168.0.200 host 81.23.101.8 eq ftp
access-list in_acl extended permit tcp host 192.168.0.200 host 85.249.141.170 eq ftp
access-list in_acl extended permit ip host 192.168.0.200 any
access-list in_acl extended permit tcp host xxxxxxx host 216.21.229.209 eq ftp
access-list in_acl extended permit tcp host 192.168.0.66 any eq ftp
access-list in_acl extended permit tcp host 192.168.0.66 any eq smtp
access-list in_acl extended permit tcp host 192.168.0.66 any eq pop3
access-list in_acl extended permit tcp any host xxxxxxx eq xxxxxxx
access-list in_acl extended permit tcp any host xxxxxxx eq xxxxxxx
access-list in_acl extended permit icmp any xxxxxxx xxxxxxx
access-list in_acl extended permit ip host xxxxxxx any
access-list in_acl extended permit ip host 192.168.0.253 any
access-list in_acl extended permit ip host 192.168.0.252 any
access-list in_acl extended permit ip host 192.168.0.251 any
access-list in_acl extended permit ip host xxxxxxx any
access-list in_acl extended permit ip host 192.168.0.51 any
access-list in_acl extended permit ip host 192.168.1.240 any
access-list in_acl extended permit ip host 192.168.1.253 any
access-list in_acl extended permit ip host 192.168.1.252 any
access-list in_acl extended permit ip host 192.168.1.251 any
access-list in_acl extended permit ip host 192.168.1.195 any
access-list in_acl extended permit ip host 192.168.1.51 any
access-list in_acl extended permit ip host 192.168.0.205 any
access-list in_acl extended permit tcp any host xxxxxxx eq 3389
access-list no_nat_ins extended permit ip xxxxxxx xxxxxxx host xxxxxxx
access-list no_nat_ins extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
access-list no_nat_ins extended permit ip 172.16.2.0 xxxxxxx xxxxxxx xxxxxxx
access-list dmz_acl extended permit udp host xxxxxxx host xxxxxxx eq domain
access-list dmz_acl extended permit ip host xxxxxxx any
access-list dmz_acl extended permit ip host xxxxxxx host xxxxxxx
access-list dmz_acl extended permit icmp host xxxxxxx any
access-list nat_acl extended permit udp host xxxxxxx any eq domain
access-list nat_acl extended permit tcp host 192.168.0.19 any eq smtp
access-list nat_acl extended permit tcp host 192.168.0.19 any eq pop3
access-list nat_acl extended permit tcp host xxxxxxx any eq smtp
access-list nat_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list nat_acl extended permit icmp host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list nat_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list nat_acl extended permit ip host 192.168.0.200 any
access-list nat_acl extended permit tcp host xxxxxxx host xxxxxxx eq ftp
access-list nat_acl extended permit tcp host 192.168.0.66 any eq ftp
access-list nat_acl extended permit tcp host 192.168.0.66 any eq smtp
access-list nat_acl extended permit tcp host 192.168.0.66 any eq pop3
access-list nat_acl extended permit ip host xxxxxxx any
access-list nat_acl extended permit ip host 192.168.0.253 any
access-list nat_acl extended permit ip host 192.168.0.252 any
access-list nat_acl extended permit ip host 192.168.0.251 any
access-list nat_acl extended permit ip host xxxxxxx any
access-list nat_acl extended permit ip host 192.168.0.51 any
access-list nat_acl extended permit ip host 192.168.1.253 any
access-list nat_acl extended permit ip host 192.168.1.252 any
access-list nat_acl extended permit ip host 192.168.1.251 any
access-list nat_acl extended permit ip host 192.168.1.195 any
access-list nat_acl extended permit ip host 192.168.1.51 any
access-list nat_acl extended permit ip host 192.168.0.205 any
access-list nat_acl extended permit tcp any host xxxxxxx eq 3389
access-list outside_acl extended permit tcp any host xxxxxxx eq smtp
access-list outside_acl extended permit ip host xxxxxxx host xxxxxxx
access-list outside_acl extended permit icmp any host xxxxxxx
access-list outside_acl extended permit tcp host xxxxxxx host xxxxxxx eq 3389
access-list outside_acl extended permit tcp host xxxxxxx any eq xxxxxxx
access-list outside_acl extended permit tcp host xxxxxxx any eq xxxxxxx
access-list outside_acl extended permit tcp host xxxxxxx host xxxxxxx eq 3389
access-list outside_acl extended permit tcp host xxxxxxx host xxxxxxx eq 3389
access-list vpn_route extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
access-list vpn_route extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
access-list vpn_route extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
access-list 110 extended permit tcp host xxxxxxx host xxxxxxx eq 3389
access-list 110 extended permit tcp host xxxxxxx host xxxxxxx eq 338
pager lines 24
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
ip local pool VPNpool xxxxxxx-xxxxxxx
asdm image flash:/asdm508.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
...
...
: end