Question : Problem: Cisco PIX 501 Remote PDM access from the Internet

I have a Cisco PIX 501 connected to the WAN with a public IP address. I have set up the PIX just fine, and I can access the PDM through my web browser only on the internal side. But I cannot access the PDM from the outside world, but I can ping my public IP address on the WAN side of the PIX. How do I set up the PIX so I can remotely manage the unit if I'm out on the Internet?

Answer : Problem: Cisco PIX 501 Remote PDM access from the Internet

I just wanted to add my two cents to this discussion...not looking for any points, just wanted to clarify some things.
When you add a command like:
http 10.5.10.70 255.255.255.255 outside
You are really telling the PIX to allow the host 10.5.10.70 to TRY and log in via an HTTPS (not http) connection. It will still require the enable password or some other user authentication if you have xauth configured. Even though the command reads "http", the PIX only allows https connections for the PDM. Therefore, the traffic is encrypted and is not any less safe than an SSH session.
Having said that, I would never put in the command "http 0.0.0.0 0.0.0.0 outside" since this would allow ANYONE to try and establish a PDM session on the outside interface. This is definitely considered insecure.
You should not have to configure any access list statements to allow an external PDM session to be established. It only takes these two commands and no others:
http <ip_address> <netmask> <interface>
http server enable
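
The difference the answer draws between a single-host `http` statement and `http 0.0.0.0 0.0.0.0 outside` can be checked mechanically against a saved configuration. The Python script below is an added example, not part of the original answer; the sample configuration, the function name `audit_pdm_access` and the treatment of `inside` as the only trusted interface are assumptions.

```python
import ipaddress

# Constructed sample configuration (not taken from the original post).
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.5.10.70 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
"""


def audit_pdm_access(config, trusted_ifaces=("inside",)):
    """Return (server_enabled, findings) for the PDM 'http' statements.

    findings is a list of (config_line, reason) for statements that let
    more than one host attempt a PDM login on an untrusted interface.
    """
    server_enabled = False
    findings = []
    for raw in config.splitlines():
        parts = raw.split()
        if not parts or parts[0] != "http":
            continue
        if parts[1:] == ["server", "enable"]:
            server_enabled = True
            continue
        if len(parts) != 4:
            continue  # not the 'http <ip> <mask> <interface>' form
        ip, mask, iface = parts[1:]
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            findings.append((raw.strip(), "unparseable address or mask"))
            continue
        if iface in trusted_ifaces:
            continue  # assumption: broad ranges are acceptable on trusted interfaces
        if net.prefixlen == 0:
            findings.append((raw.strip(), "any host may attempt a PDM login"))
        elif net.prefixlen < 32:
            reason = f"{net.num_addresses} addresses may attempt a PDM login"
            findings.append((raw.strip(), reason))
    return server_enabled, findings


if __name__ == "__main__":
    enabled, issues = audit_pdm_access(SAMPLE_CONFIG)
    print("PDM server enabled:", enabled)
    for line, reason in issues:
        print(f"REVIEW: {line!r}: {reason}")
```
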