07-10-2007 06:05 AM
I am using s/w ver 7.0(4).
The config for ssh is:
crypto key generate rsa modulus 1024
wr mem
ssh a.b.c.d 255.255.255.255 outside
but it's not working.
Please help.
07-10-2007 07:03 AM
Hi,
Config looks ok to me.
In order to access the Pix from the outside interface you need this: Ssh <ip address> <netmask> outside.
As an example, I am using my IP address:
Ssh 200.9.49.66 255.255.255.255 outside.
If you want to provide access but you do not know the IP, then: Ssh 0 0 outside.
Make sure that there is no access list blocking ssh.
Finally try reloading the box.
Regards,
~JG
07-10-2007 07:28 AM
Thanks JG for comments.
I have tried all these options but :(
Is there any alternate way to access PIX from outside interface?
??
07-10-2007 09:07 AM
Hi,
Use this command in addition to your command:
aaa authentication ssh console LOCAL
Also create a local username & password, like:
username cisco password cisco privilege 0
Download PuTTY & enjoy ssh to your PIX.
Use the username & password you created to log in through your ssh client.
If it still does not work, let me know.
If it works, please rate this.
Regards
07-10-2007 10:44 AM
I would like to see the running config from the box.
Regards,
07-10-2007 11:30 AM
ca generate rsa key 1024
show ca mypubkey rsa
ca save all
ssh 10.x.x.1 255.255.255.255 outside
ssh timeout 60
wr mem
or
ssh a.b.c.d 255.255.255.255 outside.dcp. Depends on your model and config. Hope this helps.
Eric
07-11-2007 03:14 AM
Tried all, but nope.
Not successful. I have done the same several times & it works, but ...
Any other idea?? OR any other alternative?
07-11-2007 03:55 AM
Can it be the issue of IOS?
07-11-2007 04:38 AM
version 7.x should be fine.
Try ACL allowing outside ssh host access.
access-list OUTSIDE extended permit ip 192.168.1.x 255.255.255.0 any eq ssh, etc etc.
or
management-access outside or inside >> I think.
E
07-11-2007 04:40 AM
Can you post the sh run?
07-11-2007 04:49 AM
access-list outside extended permit ip any any
is allowed already on outside interface.
07-11-2007 04:52 AM
Do you by chance have a 1 to 1 static using the outside interface?
Also, you do not need to allow this traffic in an acl.
07-11-2007 05:08 AM
Yup, exactly.
The static map is there.
static (inside, outside) x.x.x.x y.y.y.y netmask 255.255.255.255
Will it interrupt anything?
07-11-2007 05:12 AM
Yes, if your outside interface is mapped to y.y.y.y then you will not be able to ssh to x.x.x.x as it will be forwarding this to y.y.y.y.
You could change from a 1 to 1 static to port address translation for each particular port you need forwarded to y.y.y.y.
Please rate helpful posts.
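A check for the condition diagnosed in the reply above, as an added example that is not part of the original thread or any Cisco tooling: it reads a PIX 7.x configuration and reports statics that take over the address of an interface that also has `ssh` management rules. The sample configuration, its addresses, the forwarded port and all function names are constructed for illustration, and it assumes 7.x-style `interface` / `nameif` / `ip address` blocks.

```python
import re

# Constructed sample (documentation addresses), not the poster's configuration.
ONE_TO_ONE = "static (inside, outside) 203.0.113.2 192.168.1.10 netmask 255.255.255.255"
PORT_ONLY = "static (inside,outside) tcp interface 25 192.168.1.10 25 netmask 255.255.255.255"
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 ip address 203.0.113.2 255.255.255.248
ssh 198.51.100.7 255.255.255.255 outside
""" + ONE_TO_ONE + "\n"
FIXED_CONFIG = SAMPLE_CONFIG.replace(ONE_TO_ONE, PORT_ONLY)

# static (real_ifc,mapped_ifc) ...  -> group 1: mapped interface, group 2: the rest
STATIC_RE = re.compile(r"^static\s+\(\s*\S+?\s*,\s*(\S+?)\s*\)\s+(\S.*)$")

def interface_addresses(config):
    """Map nameif -> interface IP, read from 7.x-style interface blocks."""
    addrs, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            name = None  # a new top-level command ends the interface block
        words = line.split()
        if words[:1] == ["nameif"] and len(words) > 1:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) > 2:
            addrs[name] = words[2]
    return addrs

def ssh_interfaces(config):
    """Interfaces named in 'ssh <ip> <mask> <interface>' management rules."""
    rules = (line.split() for line in config.splitlines())
    return {w[3] for w in rules if len(w) == 4 and w[0] == "ssh"}

def shadowed_management(config):
    """(interface, static line) pairs where a static takes the interface's own address."""
    addrs, ssh_ifcs, findings = interface_addresses(config), ssh_interfaces(config), []
    for line in map(str.strip, config.splitlines()):
        m = STATIC_RE.match(line)
        if not m or m.group(1) not in ssh_ifcs:
            continue
        rest = m.group(2).split()
        pat = rest[0] in ("tcp", "udp") and len(rest) > 2  # static PAT form
        mapped_ip = rest[1] if pat else rest[0]
        # A one-to-one static takes every port; static PAT only collides on tcp/22.
        takes_ssh = not pat or (rest[0] == "tcp" and rest[2] in ("22", "ssh"))
        if takes_ssh and mapped_ip in ("interface", addrs.get(m.group(1))):
            findings.append((m.group(1), line))
    return findings
```

`shadowed_management(SAMPLE_CONFIG)` reports the one-to-one static, while `FIXED_CONFIG`, which forwards only one port as the reply suggests, comes back clean.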
07-11-2007 05:29 AM
That works.
Thanks