Pix 501 remote access 2

blackrabbit

IS-IT--Management
Aug 22, 2002
204
US
Is it possible to connect a modem to a PIX 501 console port to access the PIX remotely? I've seen the articles about doing it remotely through the web, but my boss is insisting that we use a modem. Cisco does not support this since it's a security device.
 
Disadvantages of connecting a modem on the console port:
The console port does not support RS232 modem control (data set ready/Data Carrier Detect (DSR/DCD), data terminal ready (DTR)). Therefore, when the EXEC session terminates (logout), the modem connection will not drop automatically; the user will need to manually disconnect the session.

More seriously, if the modem connection should drop, the EXEC session will not automatically reset. This can present a security hole, in that a subsequent call into that modem will be able to access the console without entering a password. The hole can be made smaller by setting a tight exec-timeout on the line. However, if security is important, it is recommended to use a modem that can provide a password prompt.

Unlike other async lines, the console port does not support hardware (Clear to Send/Ready to Send (CTS/RTS)) flow control. It is recommended to use no flow control. If data overruns are encountered, however, software (XON/XOFF) flow control may be enabled.

The console ports on most systems only support speeds of up to 9600 bps.

The console port lacks reverse telnet capability. If the modem loses its stored initialization string, the only remedy is to physically disconnect the modem from the router and attach it to another device (such as an AUX port or a PC) to reinitialize. If a modem on an AUX port loses its initialization string, you can use reverse telnet remotely to correct the problem.

A console port cannot be used for dial-on-demand routing; it has no corresponding async interface.

It is for this reason and the additional problems that you should avoid any use of a PIX console port as a modem port.

I would recommend a DMZ port and a dialup router be used to provide modem control security and dialup access at the same time.
Yodatech
James Yearnd
yodatech@yahoo.com
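
The console-line risks listed in the post above can be checked mechanically. The script below is an added example, not part of the thread or of any Cisco material; it audits an IOS-style `line con 0` stanza (the router syntax the quoted text refers to) for those settings. The two configs are constructed samples, and the 5-minute threshold for a "tight" exec-timeout is an assumption.

```python
import re

MAX_IDLE_S = 300      # assumption: "tight" = 5 minutes or less; the thread gives no figure
IOS_DEFAULT_S = 600   # IOS applies exec-timeout 10 0 when the line has no explicit setting

# Constructed sample configs, not taken from any real device.
WEAK = """hostname lab-rtr
line con 0
 exec-timeout 0 0
 flowcontrol hardware
line aux 0
 exec-timeout 5 0
"""
HARDENED = """line con 0
 exec-timeout 2 0
 password PLACEHOLDER
 login
 flowcontrol software
 speed 9600
"""

def console_cmds(config):
    """Return the indented sub-commands of the 'line con 0' stanza."""
    cmds, inside = [], False
    for raw in config.splitlines():
        if raw.strip() == "line con 0":
            inside = True
        elif inside and raw.startswith(" "):
            cmds.append(raw.strip())
        elif inside:
            break                      # next top-level command ends the stanza
    return cmds

def audit_console(config):
    """Check the console line against the modem risks listed in the post above."""
    cmds, findings, idle = console_cmds(config), [], IOS_DEFAULT_S
    for c in cmds:
        m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", c)
        if m:
            idle = int(m.group(1)) * 60 + int(m.group(2) or 0)
        m = re.fullmatch(r"speed (\d+)", c)
        if m and int(m.group(1)) > 9600:
            findings.append("speed above 9600 bps")
    if idle == 0:
        findings.append("exec-timeout disabled: a session orphaned by a dropped call never resets")
    elif idle > MAX_IDLE_S:
        findings.append(f"exec-timeout {idle}s is longer than {MAX_IDLE_S}s")
    if "login" not in cmds and not any(c.startswith("login ") for c in cmds):
        findings.append("no login: new calls get no password prompt")
    if any(c.startswith("flowcontrol hardware") for c in cmds):
        findings.append("hardware flow control: console has no CTS/RTS")
    return findings
```

A clean result only narrows the window: `login` prompts on a new EXEC session, so a session left open by a dropped call stays reachable until the idle timer expires.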
 
I tried the link but it's busted. But I did go to the site and took a look at the console stuff there. Thanks, I think these will work. I tried telling my boss not to use a modem but he is insisting we do it. Thanks.
 
I finally got a response from the Cisco TAC on how to console into a PIX using a modem and it worked like a charm.
 
OK, here is what I got from Cisco:

First you need an RJ45 to DB25 pin adapter from Cisco. The product number is: CAB-5MODCM=
and the Cisco part number is: 29-0881-01

You can find them at insight.com. The mfg part num on Insight is CAB-5MODCM= They are hard to find there but you can find them. I am using US Robotics 56k modems for this:

I first connected the modem to my laptop and then set the DIP switches to 3 & 8 down and all others up. Then I turned it on and used hyperterm to enter the following AT command: at&fs0=1&c1&h0&d2&r2&b1&m4&k0&n6&w

Then, without turning off the modem, I set the DIP switches to 1 & 4 & 8 down and all others up and then turned it off. Then I connected a console cable coming from the console port on the PIX to the Cisco adapter that I plugged into the modem. I then used my laptop's modem to dial the 56k modem and when it connected I hit return and "TA-DA", the PIX console came up just like if I was using hyperterm directly connected to the PIX. For security reasons I leave the modems off until I need to get into the PIX, then I have the people there turn them on.

If anyone wants the email printout I got from Cisco and the page from Insight with the adapter listed, give me a fax number and I'll fax it to you. I made like 20 copies of it so I have them around my office.
 