Has anyone successfully run a modem connection to the PIX console port directly?
Fictional scenario:
We have a head office with overseas shops that connect via point-to-point VPN (501 in each office to 506 at the centre). The shops sell financial products and management wants to keep their traffic secure with no user involvement or configuration, just extend the main site LAN to the shops. There is no IT support as they all speak Elbonian only.
We have no IT staff out there, and I'm wondering if it would be possible to run a modem to the console port? If the PIX config goes wrong, and we can't get a connection to it via normal interfaces, we'd dial up and run a console session from afar.
A colleague of mine tried this but couldn't get it to work. His best idea was to run a host with a modem inside the firewall, and then remote desktop to that via modem to get at the PIX from the inside network interface.
I see a problem in this - if the PIX needs a reset after a crash, you may not be able to connect to it even from the inside.
You could also run a PC with a modem, connected to the console port, and then dial to the PC and get at the PIX like that. But it's messy and the PC is an extra point of failure.
Comments please?
BF