07-10-2007 03:01 AM - edited 03-11-2019 03:42 AM
I have a few computers behind a PIX 501. A few of them have no access to the internet (access-list inside line 1 deny ip host 192.168.1.10 etc.) and the others have full access. Now I want to give some of those denied computers SSH access to the outside. I have tried
access-list inside line 6 permit tcp host 192.168.1.10 eq ssh any eq ssh
, but SSH-client says Connection Refused. Do I need some other access-rules or is the problem somewhere else?
07-10-2007 03:43 AM
Hi
Source port may not be 22, depends on the client coding. Change your ACL line to:
access-list inside line 6 permit tcp host 192.168.1.10 any eq ssh
07-10-2007 05:28 AM
That change didn't seem to work. It seems that the outbound connection works, but the inbound doesn't. access-list inside line 1 deny ip host 192.168.1.10 gets hits when I try to SSH out from the computer.
07-10-2007 05:29 AM
You need to have the permit line before the deny line.
access-list inside permit tcp host 192.168.1.10 any eq ssh
access-list inside deny ip host 192.168.1.10 any
Please rate helpful posts.
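Added example (not part of the original thread, and not PIX code): a simplified first-match model of the ACL entries quoted above, showing why the permit must precede the deny and why matching on source port 22 fails. The parser handles only the syntax seen in this thread, and the packets and their ephemeral source ports are constructed.

```python
SSH = 22

def parse(line):
    """Parse the ACL subset seen in this thread into a rule dict."""
    t = line.split()[2:]                  # drop "access-list <name>"
    if t[0] == "line":                    # optional "line N" position
        t = t[2:]
    action, proto, src, rest = t[0], t[1], t[3], t[4:]   # t[2] is "host"
    sport = dport = None
    if rest[:2] == ["eq", "ssh"]:         # port test on the source side
        sport, rest = SSH, rest[2:]
    if rest[1:3] == ["eq", "ssh"]:        # port test after "any" (destination)
        dport = SSH
    return dict(action=action, proto=proto, src=src, sport=sport, dport=dport)

def matches(rule, pkt):
    return (rule["proto"] in ("ip", pkt["proto"])
            and rule["src"] == pkt["src"]
            and rule["sport"] in (None, pkt["sport"])
            and rule["dport"] in (None, pkt["dport"]))

def evaluate(acl_lines, pkt):
    """Return (action, index of deciding entry); first match wins."""
    for i, rule in enumerate(map(parse, acl_lines)):
        if matches(rule, pkt):
            return rule["action"], i
    return "deny", None                   # implicit deny at the end of an ACL

DENY = "access-list inside deny ip host 192.168.1.10 any"
PERMIT_SRC22 = "access-list inside line 6 permit tcp host 192.168.1.10 eq ssh any eq ssh"
PERMIT_DST22 = "access-list inside permit tcp host 192.168.1.10 any eq ssh"

# Constructed packets: the client's source port is ephemeral, not 22.
ssh_out = dict(proto="tcp", src="192.168.1.10", sport=49152, dport=22)
web_out = dict(proto="tcp", src="192.168.1.10", sport=49153, dport=80)

def demo():
    return {
        "deny_first": evaluate([DENY, PERMIT_DST22], ssh_out),
        "permit_first": evaluate([PERMIT_DST22, DENY], ssh_out),
        "src_port_22": evaluate([PERMIT_SRC22, DENY], ssh_out),
        "web_still_blocked": evaluate([PERMIT_DST22, DENY], web_out),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```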