SSH VPN Site to Site ?

Unanswered Question
Mar 20th, 2007
User Badges:

Is there any such thing as a SSH VPN Site to Site ?


Also, if using IPSec 3Des, is there a way to tune the packet size for a Site to Site VPN? If there is, what are the recommendations?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kamal Malhotra Tue, 03/20/2007 - 09:00
User Badges:
  • Cisco Employee,

There is nothing as SSH VPN Site to Site. SSH is the secure form of telnet, that's it.


What kinda tuning are you looking for and why? Yes you can tune it but unless it is really required, it should not be done. Smaller packets affect performance.


HTH,


Please rate if it helps,


Regards,


Kamal

cisconoobie Tue, 03/20/2007 - 10:11
User Badges:

Is there a way to setup SSH tunneling between 2 PIX firewalls for lan to lan connectivity ?

Kamal Malhotra Tue, 03/20/2007 - 10:26
User Badges:
  • Cisco Employee,

Calling it an SSH tunnel would be incorrect. However, if the requirement is that you should be able to ssh into the PIX firewalls from behind each other then all you need is allow the ssh from the outside interface of the other PIX. E.g. :


PIX 1 outside IP : 1.1.1.1

PIX 2 outside IP : 2.2.2.2


On PIX1 : ssh 2.2.2.2 255.255.255.255 outside

On PIX2 : ssh 1.1.1.1 255.255.255.255 outside


I've given the commands assuming the name of the interface that connects to the internet is 'outside'. If I've not understood the requirement correctly, please explain it in detail.


HTH,


Please rate if it helps,


Regards,


Kamal

cisconoobie Tue, 03/20/2007 - 11:05
User Badges:

Yes I'm well aware of ssh usage but I need to make sure that there is no way of setting up a point to point SSH with compression tunnel for lan to lan connectivity?


This would produce the same results that VPN IPSec Site to Site would do, meaning having connectivity to the private LANs just like VPN.

Actions

This Discussion