Re: [fw-wiz] PIX denying SSH Access - until I run PDM?

From: Greg Padden (paddeng_at_biostat.wisc.edu)
Date: 08/30/05

    To: Paul Melson <pmelson@gmail.com>
    Date: Tue, 30 Aug 2005 07:34:21 -0500
    
    

    Nope, you need to issue the command (in config mode) 'ca save all'.

    If you don't save the CA cert, you get a new one every reboot. And you
    don't generate a new CA until you fire up the https interface.

    Paul Melson wrote:

    >I have a hunch that you may have an 'aaa authentication' rule that's causing
    >this problem. Would you be willing to post the output of 'show aaa' from a
    >PIX with this affliction? Of course, sanitize it to prevent any unnecessary
    >disclosures such as user names or public IP addresses.
    >
    >PaulM
    >
    >-----Original Message-----
    >Subject: [fw-wiz] PIX denying SSH Access - until I run PDM?
    >
    >The symptom is that a few weeks will pass since I last logged onto the fw
    >using ssh; and I'll attempt to; but instead of being prompted for a
    >userid/password the client will simply sit there and stare at me while doing
    >nothing - no errors. If I'm using Kermit (usual) it'll just sit on the blank
    >black screen until it times out. Other clients produce similar behavior.
    >
    >The odd part is that I discovered through trial and error that if I access the
    >PIX via PDM after the failed SSH attempt - even if the PDM connection is not
    >completed - I can then attach via SSH.
    >
    >This is such a bizarre problem that I've been reluctant to post it; but I've
    >encountered it so many times now that my curiosity has gotten the better of
    >me!
    >
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >