SSH VPN Site to Site ?

cisconoobie · ‎03-20-2007

Is there any such thing as a SSH VPN Site to Site ?

Also, if using IPSec 3Des, is there a way to tune the packet size for a Site to Site VPN? If there is, what are the recommendations?

Kamal Malhotra · ‎03-20-2007

There is nothing as SSH VPN Site to Site. SSH is the secure form of telnet, that's it.

What kinda tuning are you looking for and why? Yes you can tune it but unless it is really required, it should not be done. Smaller packets affect performance.

HTH,

Please rate if it helps,

Regards,

Kamal

cisconoobie · ‎03-20-2007

Is there a way to setup SSH tunneling between 2 PIX firewalls for lan to lan connectivity ?

Kamal Malhotra · ‎03-20-2007

Calling it an SSH tunnel would be incorrect. However, if the requirement is that you should be able to ssh into the PIX firewalls from behind each other then all you need is allow the ssh from the outside interface of the other PIX. E.g. :

PIX 1 outside IP : 1.1.1.1

PIX 2 outside IP : 2.2.2.2

On PIX1 : ssh 2.2.2.2 255.255.255.255 outside

On PIX2 : ssh 1.1.1.1 255.255.255.255 outside

I've given the commands assuming the name of the interface that connects to the internet is 'outside'. If I've not understood the requirement correctly, please explain it in detail.

HTH,

Please rate if it helps,

Regards,

Kamal

cisconoobie · ‎03-20-2007

Yes I'm well aware of ssh usage but I need to make sure that there is no way of setting up a point to point SSH with compression tunnel for lan to lan connectivity?

This would produce the same results that VPN IPSec Site to Site would do, meaning having connectivity to the private LANs just like VPN.