enabling ssh to certain computer

Jul 10th, 2007

I have a few computers behind a PIX 501. A few of them have no access to the internet (access-list inside line 1 deny ip host 192.168.1.10 etc.) and others have full access. Now I want to give some of those denied computers SSH access to the outside. I have tried

access-list inside line 6 permit tcp host 192.168.1.10 eq ssh any eq ssh

but the SSH client says Connection Refused. Do I need some other access rules, or is the problem somewhere else?

Overall Rating: 5 (1 ratings)
dominic.caron Tue, 07/10/2007 - 03:43

Hi

The source port may not be 22; it depends on the client coding. Change your ACL line to:

access-list inside line 6 permit tcp host 192.168.1.10 any eq ssh

jamesi123 Tue, 07/10/2007 - 05:28

That change didn't seem to work. It seems that outbound connection works, but inbound doesn't. access-list inside line 1 deny ip host 192.168.1.10 gets hits when I try to SSH out from the computer.

Correct Answer
acomiskey Tue, 07/10/2007 - 05:29

You need to have the permit line before the deny line.

access-list inside permit tcp host 192.168.1.10 any eq ssh

access-list inside deny ip host 192.168.1.10 any

Please rate helpful posts.
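
The two points raised in this thread (the source-port match and the permit/deny order) can be checked with a small first-match evaluator. This is an added example, not code from the thread and not PIX software: a simplified model of top-down ACL evaluation, with the destination address 203.0.113.5 and the client ports 51514/51515 constructed for illustration.

```python
from typing import NamedTuple, Optional

SSH = 22

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "tcp", or "ip" to match any protocol
    src: str               # host address or "any"
    sport: Optional[int]   # None = any source port
    dst: str               # host address or "any"
    dport: Optional[int]   # None = any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def matches(r: Rule, p: Packet) -> bool:
    return (r.proto in ("ip", p.proto)
            and r.src in ("any", p.src)
            and r.dst in ("any", p.dst)
            and r.sport in (None, p.sport)
            and r.dport in (None, p.dport))

def evaluate(acl, pkt):
    """Return (action, 1-based line number) of the first matching rule."""
    for n, rule in enumerate(acl, 1):
        if matches(rule, pkt):
            return rule.action, n
    return "deny", 0  # implicit deny at the end of every list

# deny ip host 192.168.1.10 any
DENY_HOST = Rule("deny", "ip", "192.168.1.10", None, "any", None)
# permit tcp host 192.168.1.10 eq ssh any eq ssh  (the original attempt)
ATTEMPT = Rule("permit", "tcp", "192.168.1.10", SSH, "any", SSH)
# permit tcp host 192.168.1.10 any eq ssh  (the rule from the replies)
PERMIT_SSH = Rule("permit", "tcp", "192.168.1.10", None, "any", SSH)

# Constructed packets: an SSH client uses an ephemeral source port, not 22
pkt = Packet("tcp", "192.168.1.10", 51514, "203.0.113.5", SSH)
web = Packet("tcp", "192.168.1.10", 51515, "203.0.113.5", 80)

for name, acl in [("deny, attempt", [DENY_HOST, ATTEMPT]),
                  ("deny, permit", [DENY_HOST, PERMIT_SSH]),
                  ("attempt, deny", [ATTEMPT, DENY_HOST]),
                  ("permit, deny", [PERMIT_SSH, DENY_HOST])]:
    print(f"{name:14} ssh={evaluate(acl, pkt)} http={evaluate(acl, web)}")
```

Only the last ordering permits the SSH packet, and it still denies the host's other traffic at line 2, which is the behaviour the original deny rule was meant to enforce.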
