Old 02-24-09, 01:10 PM   #1
zoomy942
Need some Assistance with my firewall

So, Cox decided it would be cute to force me to change my IPs for my company (I only use 1 of 3) and while calling my Start of Authority for the A records is no big deal, I don't know for sure how to change my firewall to reflect those changes. I am looking at it with telnet and there are tons of 68.105.222.74 entries, and I assume I have to change them to say the new address. Is this a manual thing I have to do? I have until Thursday night to figure this part out. Any help the gurus out there could offer would be excellent.
Old 02-24-09, 05:06 PM   #2
Bman212121
Re: Need some Assistance with my firewall

First question would be: what type of device are we talking about? Secondly, get rid of telnet and use SSH.
Old 02-24-09, 05:32 PM   #3
zoomy942
Re: Need some Assistance with my firewall

It's a Cisco PIX 501 and ...um... I don't know how to use SSH.
Old 02-24-09, 10:59 PM   #4
Bman212121
Re: Need some Assistance with my firewall

To SSH do this:

http://www.informit.com/articles/art...25342&seqNum=3

If you're in configure terminal mode, show the running config, as they might already have SSH set up for a certain address.

I would say that you will need to change that IP each time it comes up in your config, as everything is going to be manual. The easiest way is to copy/paste the running config into Notepad, change them, then copy/paste it back. Just make sure you do a "copy run start" or "write mem" to save the changes. (Not sure if both work on that model or not.)

The two obvious things that will need to be changed are:

ip address outside

route outside

It will probably list a 2nd entry if you copy/paste, so you will probably need to do a "no ip address outside 68.105.222.74 255.255.X.X".

Not really sure what all of the other entries would be unless it's port forwarding for devices. Do a bunch of lines look like this?

access-list 102 permit icmp host 10.1.1.1 host 68.105.222.74 timestamp-reply

Other than that it should work, but it isn't always that simple when it comes to Cisco equipment. I only have a little experience with their stuff, so there might be a few other things I don't know about that you would have to do.
Old 02-25-09, 10:01 AM   #5
zoomy942
Re: Need some Assistance with my firewall

So this copy to Notepad thing...

How does that work? I can copy and paste everything over and then change it and apply it?
Old 02-25-09, 10:40 AM   #6
Bman212121
Re: Need some Assistance with my firewall

Quote (originally posted by zoomy942):
So this copy to Notepad thing...

How does that work? I can copy and paste everything over and then change it and apply it?

Yes. If you type "show run" it will give you a big ol' output of every setting that is configured on the device. Just copy all of that text into Notepad. Then you can make the changes there, making it much easier to work with the device. Then just copy and paste the document back onto the PIX and it will apply all of the changes. (When you're in configure terminal mode it will take each line as a separate command.) One note is that if it's a long config you might need to break it up into a couple of pieces, as the device can only buffer so much information. The nice thing about doing it this way is that you can save your Notepad document for future reference. If someone accidentally breaks the device, just copy/paste the backup config to it. Make sure you back up the running config before you make changes as well, just in case you screw something up.
Old 02-25-09, 11:18 AM   #7
zoomy942
Re: Need some Assistance with my firewall

Let me ask you this...

I understand that I have to run the NO command to remove the old stuff and then apply the new stuff...

Would my copy and paste look like...

no ip route...yadada
ip route...yadadda
Old 02-25-09, 10:56 PM   #8
Bman212121
Re: Need some Assistance with my firewall

Actually, I would just copy and paste everything as normal first, and then run the "no ip route" commands on whatever you needed to remove. A lot of the commands aren't going to duplicate, but for commands like IP addresses you're allowed to have multiple of them, so that is why you'll end up with more than one. If you're telnetted/SSHed in and you run a "no ip address" before you assign the new one, you might be able to lock yourself out of the PIX.

I'm not sure if I made that clear or not. You won't need to have any "no" commands in your config. The only time you might need to use it is to remove something that didn't overwrite the old value, but instead made another one, i.e.:

ip address 192.168.1.2
ip address 192.168.2.2

If I were changing the IP to 192.168.2.2, that is most likely what would happen when I type the command. To fix this I'll type "no ip address 192.168.1.2" and it will remove the old IP. Another common use for "no" is when you have a port that is disabled. You can type "no shut" and it will enable the port.
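The copy-and-paste workflow from posts #4 and #8, as an added example that is not from the thread: a small Python script takes a saved "show run", swaps the old address(es) for the new ones, and puts any "no ..." cleanup lines after the new config so an old address is never removed before its replacement is in place. The sample config, the 192.0.2.x replacement range and the list of commands treated as accumulating are assumptions; compare the result against "show run" on the box.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in PIX 6.x style. 68.105.222.74 is the address named
# in the thread; the inside host and the 192.0.2.x "new" range are made up.
SAMPLE_CONFIG = """\
interface ethernet0 auto
ip address outside 68.105.222.74 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.105.222.1 1
static (inside,outside) 68.105.222.74 10.1.1.1 netmask 255.255.255.255
access-list 102 permit icmp host 10.1.1.1 host 68.105.222.74 timestamp-reply
"""
SAMPLE_MAPPING = {"68.105.222.74": "192.0.2.74", "68.105.222.1": "192.0.2.1"}

# Commands the PIX appends beside the existing entry instead of replacing
# it (assumption: adjust the tuple after checking "show run").
ACCUMULATING = ("access-list", "static")


def rewrite_config(config: str, mapping: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Return (new_lines, cleanup_lines, review_lines).

    new_lines: the config with every whole dotted address swapped in one pass.
    cleanup_lines: "no <old line>" for accumulating commands; paste these only
      after new_lines so the box is never left without a valid address.
    review_lines: other changed lines (ip address, route) expected to overwrite
      the old value; confirm that against "show run" rather than guessing.
    """
    # Whole-address match only: 68.105.222.7 must not match inside 68.105.222.74.
    pattern = re.compile(r"(?<![\d.])(" + "|".join(map(re.escape, mapping)) + r")(?![\d.])")
    new_lines, cleanup, review = [], [], []
    for line in config.splitlines():
        updated = pattern.sub(lambda m: mapping[m.group(1)], line)
        new_lines.append(updated)
        if updated == line:
            continue
        if line.split()[0] in ACCUMULATING:
            cleanup.append("no " + line)
        else:
            review.append(line)
    return new_lines, cleanup, review


def build_paste(config: str, mapping: Dict[str, str]) -> str:
    """Text to paste in configure terminal mode: new config first, cleanup last."""
    new_lines, cleanup, _ = rewrite_config(config, mapping)
    return "\n".join(new_lines + cleanup) + "\n"


if __name__ == "__main__":
    print(build_paste(SAMPLE_CONFIG, SAMPLE_MAPPING))
```

Keep the unmodified "show run" text as the backup the thread recommends, and paste the output in pieces if the device's input buffer drops lines.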

Old 02-26-09, 10:03 AM   #9
zoomy942
Re: Need some Assistance with my firewall

I looked at that article and one thing it doesn't explain is why SSH is better than telnet.
Old 02-26-09, 10:40 AM   #10
Bman212121
Re: Need some Assistance with my firewall

Quote (originally posted by zoomy942):
I looked at that article and one thing it doesn't explain is why SSH is better than telnet.

SSH uses encryption; telnet is just plain text for everything. Telnet is considered very insecure because anyone with a packet sniffer could easily get your login and enable passwords.

http://articles.techrepublic.com.com...1-5875046.html

Quote:
Takeaway: Most IT pros know that using Telnet to manage routers, switches, and firewalls is not exactly a security best practice. Instead, the accepted alternative to Telnet's lack of security is Secure Shell (SSH). Learn how to configure SSH on your Cisco router. David Davis has the details.
Old 02-26-09, 10:48 AM   #11
zoomy942
Re: Need some Assistance with my firewall

Um. Stupid thing won't let me highlight the big long thing in command prompt.

EDIT: got it