configuring cisco pix over ssh

My work comp is behind a Cisco PIX. I am trying to connect to a client’s VPN, but the Cisco PIX won’t let me through. Figured out that I need to open port 1723, but the PIX admin just won’t load, so I’m trying to do this from the command line.

Please help. Never done any command-line firewall config.

Cheers

Answer

Here is a series of answers that may or may not help you. Add some comments and let me know what more you want to know if this doesn’t answer things.

(Warning: This process will depend on which version of the pix OS your box is running. I’m generating my example text from a Cisco ASA 5505 running 8.0(2). None of my instructions should do any harm on other releases, but if you get errors from the commands then it may be because your pix has too different a software release.)

A. How do you get into a pix via ssh:

If you’re using a command-line ssh tool and accounting on the pix is left at defaults, from the inside network do a:

% ssh -l pix ADDRESS-or-NAME-of-pix

When asked for a password, use the same password you would for the web admin (back when it worked). (If you don’t know the password then try “cisco” and/or “Cisco”.)

B. How do you configure the pix after you log in

Right after you login you see:

Type help or '?' for a list of available commands.
ciscoasa>

This is a user prompt for the pix box, so the first thing you need to do is upgrade your login to superuser (i.e. enable mode), so type the command “ena”. By default there will be no password, so just hit return. If that password isn’t correct then try the password you used for ssh; if that doesn’t work then try “cisco”, and if not that then try “Cisco”.

ciscoasa> ena 
Password: 
ciscoasa# 

Once your prompt has a “#” at the end you’ll have the user level you need to view and/or edit the configuration.

It’s always best to start by dumping out the current configuration and setting a copy of it aside. Do that with the command “write t” (AKA output running configuration to the terminal).

ciscoasa# write t
: Saved
:
ASA Version 8.0(2) 
          .
          .
 [40 lines or more]
          .
          .
: end
[OK]
ciscoasa#  

Copy all the lines between the “: Saved” line and the “: end” line, paste them into a text editor, and save the file somewhere safe. That file will be the backup of your current config.

The way that you change the configuration on a pix is to go into configuration mode. You do that with the command “conf t” (AKA configure this device from the terminal).

ciscoasa# conf t
ciscoasa(config)# 

When your prompt ends in “(config)#” you know you’re in configuration mode. In this mode almost any command that you type (assuming it doesn’t have syntax errors) will be added to the configuration.

To exit configuration mode, just type “exit”.

ciscoasa(config)# exit
ciscoasa# 

C. How do you enable pptp on a pix

For this one I’m going to send you to the Cisco documentation, because there are numerous different ways depending on which version of the OS you’re running.

Before I send you there though, let me show how to find out which version of the OS you’re running. In command mode run the command “show version”.

ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 8.0(2) 
     .
     .
  [a whole bunch more stuff]

The version number (at least in my case) is the number at the end of the first line.

Now here is the cisco document to look at for enabling a pptp passthrough: Permitting PPTP/L2TP Connections Through the PIX/ASA/FWSM

Attribution
Source : Link , Question Author : Community , Answer Author : Community
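
An added example, not part of the original answer and not Cisco tooling: the manual copy step in part B (everything between “: Saved” and “: end”) done over a saved terminal capture, refusing a truncated capture and checking the config header against the “show version” line from part C. The sample session, the function names and the “PIX Version” header form are assumptions made for the example.

```python
import re

# Constructed sample capture of the session described above (not from a real device).
SAMPLE_SESSION = """\
ciscoasa> ena
Password:
ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 8.0(2)

ciscoasa# write t
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoasa
: end
[OK]
ciscoasa#
"""

def extract_running_config(session: str) -> str:
    """Return the lines strictly between ': Saved' and ': end'."""
    lines = [ln.rstrip() for ln in session.splitlines()]
    if ": Saved" not in lines:
        raise ValueError("no ': Saved' line: 'write t' output is not in this capture")
    start = lines.index(": Saved")
    if ": end" not in lines[start:]:
        # Scrollback cut off or session dropped: an incomplete backup must not be kept.
        raise ValueError("no ': end' line: capture is truncated")
    end = lines.index(": end", start)
    return "\n".join(lines[start + 1:end]) + "\n"

def config_version(config: str) -> str:
    """Version from the config header, e.g. 'ASA Version 8.0(2)' (PIX form assumed analogous)."""
    m = re.search(r"^(?:ASA|PIX) Version (\S+)", config, re.MULTILINE)
    if m is None:
        raise ValueError("no version header in config")
    return m.group(1)

def device_version(session: str) -> str:
    """Version from the first line of 'show version' output."""
    m = re.search(r"^Cisco .*Version (\S+)", session, re.MULTILINE)
    if m is None:
        raise ValueError("no 'show version' output in capture")
    return m.group(1)

def verified_backup(session: str) -> str:
    """Extract the config and confirm its header matches the version the device reported."""
    config = extract_running_config(session)
    if config_version(config) != device_version(session):
        raise ValueError("config header and 'show version' disagree")
    return config
```

The returned text contains the device’s full configuration, so write it to a file readable only by you.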
