11-4
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 11 Allowing Remote Management
Using an SSH Client
To gain access to the FWSM console using SSH, at the SSH client enter the username pix and enter the
login password set by the password command (see the “Changing the Login Password” section on
page 6-2). For individual logins, see the “Configuring Authentication for CLI Access” section on
page 12-8.
When starting an SSH session, a dot (.) displays on the FWSM console before the SSH user
authentication prompt appears, as follows:
FWSM/contexta(config)# .
The display of the dot does not affect the functionality of SSH. The dot appears at the console when
generating a server key or decrypting a message using private keys during SSH key exchange before user
authentication occurs. These tasks can take up to two minutes or longer. The dot is a progress indicator
that verifies that the FWSM is busy and has not hung.
Allowing HTTPS for PDM
To use PDM, you need to enable the HTTPS server and allow HTTPS connections to the FWSM. All of
these tasks are completed if you use the setup command. This section describes how to manually
configure PDM access.
The FWSM allows up to 32 PDM sessions for the entire module, and it allows a maximum of 5 concurrent
HTTPS connections per context, which is configurable. See the “Rule Limits” section on page A-5
for information about the maximum number of HTTPS rules allowed for the entire system.
To configure PDM access, follow these steps:
Step 1 To generate an RSA key pair, which is required for HTTPS, enter the following command:
FWSM/contexta(config)# ca generate rsa key modulus
The modulus (in bits) is 512, 768, 1024, or 2048. The larger the key modulus size you specify, the longer
it takes to generate an RSA key pair. We recommend a value of 768.
Before you generate the key, you should set the host name and the domain name according to the
“Setting the Host Name” section on page 6-4 and the “Setting the Domain Name” section on page 6-5.
These settings are used in the key.
Step 2 To save the RSA keys to persistent Flash memory, enter the following command:
FWSM/contexta(config)# ca save all
Step 3 To identify the IP addresses from which the FWSM accepts HTTPS connections, enter the following
command for each address or subnet:
FWSM/contexta(config)# http source_IP_address mask source_interface
Step 4 To enable the HTTPS server, enter the following command:
FWSM/contexta(config)# http server enable
Step 5 To enable PDM metrics history, enter the following command:
FWSM/contexta(config)# pdm history enable
If you do not enable PDM metrics history, you can view real-time data only and not historical data. This
step is optional.
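The following added example, which is not part of the original guide, audits the HTTPS allow-list created in Steps 3 and 4: it parses the http lines of a saved context configuration and reports entries that admit any source address or a broad range. The sample configuration, the addresses, the interface names, and the 256-address review threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample context configuration; addresses and interface names are made up.
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.1.1.5 255.255.255.255 mgmt
http 0.0.0.0 0.0.0.0 outside
pdm history enable
"""

MAX_ADDRESSES = 256  # assumed review threshold, not an FWSM limit


def parse_http_rules(config):
    """Return (server_enabled, [(network, interface), ...]) from config text."""
    enabled, rules = False, []
    for line in config.splitlines():
        words = line.split()
        if words == ["http", "server", "enable"]:
            enabled = True
        elif len(words) == 4 and words[0] == "http":
            try:
                # "http source_IP_address mask source_interface"
                net = ipaddress.IPv4Network(f"{words[1]}/{words[2]}", strict=False)
            except ValueError:
                continue  # not an address/mask pair, ignore the line
            rules.append((net, words[3]))
    return enabled, rules


def audit_http_access(config):
    """Return a list of findings about the HTTPS management allow-list."""
    enabled, rules = parse_http_rules(config)
    findings = []
    if enabled and not rules:
        findings.append("server enabled but no http source entries configured")
    if rules and not enabled:
        findings.append("http source entries present but server not enabled")
    for net, interface in rules:
        if net.prefixlen == 0:
            findings.append(f"{interface}: any source address allowed ({net})")
        elif net.num_addresses > MAX_ADDRESSES:
            findings.append(f"{interface}: broad source range {net}")
    return findings


if __name__ == "__main__":
    for finding in audit_http_access(SAMPLE_CONFIG):
        print(finding)
```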