Using An Ssh Client; Allowing Https For Pdm - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Using an SSH Client

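To gain access to the FWSM console using SSH, at the SSH client enter the username pix and enter the
login password set by the password command (see the "Changing the Login Password" section on
page 6-2). For individual logins, see the "Configuring Authentication for CLI Access" section on
page 12-8.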
When starting an SSH session, a dot (.) displays on the FWSM console before the SSH user
authentication prompt appears, as follows:
FWSM/contexta(config)# .
The display of the dot does not affect the functionality of SSH. The dot appears at the console when
generating a server key or decrypting a message using private keys during SSH key exchange before user
authentication occurs. These tasks can take up to two minutes or longer. The dot is a progress indicator
that verifies that the FWSM is busy and has not hung.
Allowing HTTPS for PDM
To use PDM, you need to enable the HTTPS server and allow HTTPS connections to the FWSM. All of
these tasks are completed if you use the setup command. This section describes how to manually
configure PDM access.
The FWSM allows up to 32 PDM sessions for the entire module, and it allows a maximum of 5 concurrent
HTTPS connections per context, which is configurable. See the "Rule Limits" section on page A-5
for information about the maximum number of HTTPS rules allowed for the entire system.
To configure PDM access, follow these steps:
Step 1  To generate an RSA key pair, which is required for HTTPS, enter the following command:
FWSM/contexta(config)# ca generate rsa key modulus
The modulus (in bits) is 512, 768, 1024, or 2048. The larger the key modulus size you specify, the longer
it takes to generate an RSA key pair. We recommend a value of 768.
Before you generate the key, you should set the host name and the domain name according to the
"Setting the Host Name" section on page 6-4 and the "Setting the Domain Name" section on page 6-5.
These settings are used in the key.
Step 2  To save the RSA keys to persistent Flash memory, enter the following command:
FWSM/contexta(config)# ca save all
Step 3  To identify the IP addresses from which the FWSM accepts HTTPS connections, enter the following
command for each address or subnet:
FWSM/contexta(config)# http source_IP_address mask source_interface
Step 4  To enable the HTTPS server, enter the following command:
FWSM/contexta(config)# http server enable
Step 5  To enable PDM metrics history, enter the following command:
FWSM/contexta(config)# pdm history enable
If you do not enable PDM metrics history, you can view real-time data only and not historical data. This
step is optional.
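The following Python check is an added example, not part of the Cisco guide: it reviews a planned Step 1 through Step 4 command sequence and flags small RSA moduli and HTTPS source rules that admit any address or a wide subnet. The 2048-bit and /24 thresholds, the function name, and the sample commands, addresses and interface names are assumptions made for this example; the guide itself recommends 768.

```python
import ipaddress
import re

VALID_MODULI = {512, 768, 1024, 2048}  # sizes the manual lists in Step 1
MIN_MODULUS = 2048  # assumption: reviewer's minimum RSA size, not the manual's
MIN_PREFIX = 24     # assumption: subnets wider than /24 need a second look

# Constructed sample: the Step 1-4 commands as planned, prompts stripped.
SAMPLE = """\
ca generate rsa key 768
ca save all
http 0.0.0.0 0.0.0.0 outside
http 10.1.1.0 255.255.255.0 inside
http server enable
"""

def audit_pdm_access(commands):
    """Return a list of findings for the key size and HTTPS source rules."""
    findings, rules, server_on = [], 0, False
    for line in commands.splitlines():
        line = line.strip()
        key = re.fullmatch(r"ca generate rsa key (\d+)", line)
        rule = re.fullmatch(r"http (\S+) (\S+) (\S+)", line)
        if key:
            bits = int(key.group(1))
            if bits not in VALID_MODULI:
                findings.append(f"unsupported modulus {bits}")
            elif bits < MIN_MODULUS:
                findings.append(f"weak modulus {bits}")
        elif line == "http server enable":
            server_on = True
        elif rule:
            addr, mask, ifc = rule.groups()
            rules += 1
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                findings.append(f"unparseable rule: {line}")
                continue
            if net.prefixlen == 0:
                findings.append(f"any source allowed on {ifc}")
            elif net.prefixlen < MIN_PREFIX:
                findings.append(f"broad source {net} on {ifc}")
    if server_on and rules == 0:
        findings.append("server enabled with no http source rule")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_pdm_access(SAMPLE)))
```

A 768-bit RSA modulus was publicly factored in 2009, which is why the check treats the smaller sizes as weak.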
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01
Chapter 11, Allowing Remote Management, page 11-4
