Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

How to access console port on pan-2020 using a dial up modem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to access console port on pan-2020 using a dial up modem

L1 Bithead

I have a single remote firewall (pa-2020) where I would like to set up the console port to be accessible via dialup modem.  I called Paloalto support and they only were able to say that most people use a terminal server like an avocent type server to gain access to the console and haven't worked with anyone trying to use a modem.  (I have one firewall and don't want to spend money for an avocent console server...)  They could only tell me the basic settings such as N-8-1 9600 baud etc.  I have a modem plugged into the console port of the firewall and I can dial it and it will connect at 9600 with data compression vbis42 but I can't get any further than that.  (I type on the keyboard but no response)  My modem is configured to have no result codes (q1), no echo (e0), modem speed 9600 (s37=9), autoanwser (s0=1), no flow control (&k0), ignore DTR (&d0), and write config to nvram (&w).  I have been using the cisco document found here as a reference:  Connecting a Modem to the Console Port on Catalyst Switches - Cisco Systems

Has anyone successfully connected a dial up modem to the console port?  If so can you help me with some things to try?

12 REPLIES 12

L7 Applicator

While I cannot answer your question directly as I have never attempted a modem connection to the console port, you may be able to get away with a minimal investment if you have a linux server. I found this site, which goes over the details of getting a fully-functional linux-based console server for very little cost investment.

Linux-based serial console server | Network Tech Blog

Hope this helps at least a little bit if you can't get the modem itself to work.

-Greg

L4 Transporter

I'm really stretching here, but... aren't the AUX ports on a Cisco router null modem ports? Have you tried connecting a null modem style serial cable from your modem to the port on the PA?

It's that whole DTE versus DCE difference with serial cables... the port on the PA might expect you to connect with a DTE serial device when your modem is DCE, hence the null modem cable to "flip it over" from DTE to DCE.

Yes the cisco switches and routers will have aux ports but they also just have regular console ports which that document link I posted describes...

I assume you mean the roll over cable, so I tried that and still the same result where it will say it connects at 9600 with vbis42 compression but then i can't get any response.  No data gets received or sent that I can see, nothing happens after hitting keys on the keyboard etc...Any other ideas? 

Also my modem comes with a serial cable with both a db9 and db25 connector on the same cable, does it matter which one I use?  I have tried connecting the rj45 rollover cable to the console port of the firewall, and then from that I plug into a db9 that plugs into the db9 of the cable to the modem.  The db25 portion of the modem cable is not connected to anything...

Can you get a 25 pin cable and try it? Maybe the 25 pin one is active while the DB9 isn't. Hmm.

L1 Bithead

The PA doesn't handshake with the modem - either via commands or via signaling. So basically the modem has to be set up to not use handshaking - to just establish the connection and start sending/receiving characters.  Typically this is done via hardware settings on the modem. Check the modem documentation on how to set that up. Also, compression will probably not work in this configuration.

this is how I have the modem configured- (this is from the link I posted): 

HAYES ACCURA

DescriptionHayes-Compatible Command
Factory defaults&F0
No result codesQ1
No echoE0
Modem speed 9600S37=9
AutoanswerS0=1
No flow control&K0
Ignore DTR&D0
Write config to NVRAM&W
Init String: AT&F0Q1E0S0=1S37=9&K0&D0&W

Is that ignore DTR setting what you are talking about?  If so I have that set, but I haven't tried disabling the compression, I will try that and let you know.  Thank you all for your willingness to help me with this!

L4 Transporter

Wouldn't the "Ignore DTR" need to be set to 1? Setting it to zero means it pays attention to DTR, right?

&D0 sets it to ignore for my modem.

So here's an idea... do you have a spare router lying around that has an aux port that you could test on? At least you could see if your cable and modem serial port are good and working...

I can console into the modem to issue the at commands using my pc's serial port, so that would suggest the serial port on the modem is working right?  I can also console in successfully to the firewall from my pc's serial port which tells me the rollover cable and connections are good as well right?

The modem comes with a 2 headed cable, one with an rs232 connector and the other a db9.  I have tried using an rs232 gender changer to connect the modem to the console port of the firewall and that didn't work, I also did the same thing with a db9 gender changer to connect the db9 connector to the console port as well and still no success.  I have turned off compression as well with no success.  I know my modem is connecting to the firewall modem because it says "connected 9600" but won't respond to anything after that.  I can issue the +++ command to break out of it and that's it.  I may just have to break down and purchase a serial console server unless you guys have any other ideas?

I'd love to help figure this out (I like the challenge...) but I don't have an old school modem and POTS line to try connecting to a lab PA unfortunately.

It "feels" like a pinout thing... like the modem's pinout and the PA's pinout aren't 'lining up right' for whatever reason, but it's really hard to narrow down why

  • 7763 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!