Nope, you need to issue the command (in config mode) ca save all.
If you don't save the CA cert, you get a new one every reboot. And you
don't generate a new CA until you fire up the https interface.
Paul Melson wrote:
>I have a hunch that you may have an 'aaa authentication' rule that's causing
>this problem. Would you be willing to post the output of 'show aaa' from a
>PIX with this affliction? Of course, sanitize it to prevent any unnecessary
>disclosures such as user names or public IP addresses.
>
>PaulM
>
>-----Original Message-----
>Subject: [fw-wiz] PIX denying SSH Access - until I run PDM?
>
>The symptom is that a few weeks will pass since I last logged onto the fw
>using ssh; and I'll attempt to; but instead of being prompted for a
>userid/password the client will simply sit there and stare at me while doing
>nothing - no errors. If I'm using Kermit (usual) it'll just sit on the blank
>black screen until it times out. Other clients produce similar behavior.
>
>The odd part is that I discovered through trial and error that if I access the
>PIX via PDM after the failed SSH attempt - even if the PDM connection is not
>completed - I can then attach via SSH.
>
>This is such a bizarre problem that I've been reluctant to post it; but I've
>encountered it so many times now that my curiosity has gotten the better of
>me!
>
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards_at_honor.icsalabs.com
>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
Received on Aug 30 2005