ssh access-list confusion

I am new to firewalls.

I have a PIX 515E with VPN on it.

I want one of my VPN clients to ssh to an internal server.

The VPN connection gets established and is fine. But when I open an SSH session it shows the remote host as down. I get the correct IP pool address. I can access the server using a Remote Desktop connection when I give full access to the server using the IP protocol.

Below is the configuration and access-list I have implemented for this.

access-list acl_test permit tcp host host 192.168.x.x eq ssh

vpngroup test address-pool abc

vpngroup test split-tunnel acl_test

vpngroup test idle-time 1800

vpngroup test password ******** is my VPN client

and my server is in 192.168.x.x range

purohit_810 Wed, 08/01/2007 - 11:27

You need to perform the following steps:

hostname(config)# crypto key generate rsa modulus 1024

hostname(config)# write mem

hostname(config)# ssh inside

hostname(config)# ssh inside

hostname(config)# ssh timeout 30

Instead of INSIDE, also try OUTSIDE.


Dharmesh Purohit

acomiskey Wed, 08/01/2007 - 11:52

That would help if he was trying to ssh to the PIX.

Zaheer, split-tunnel ACLs are usually not extended or port-based access-lists. If you want to filter the VPN traffic there are other ways to do that. What version are you running?
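To make the point in this reply concrete, here is an added configuration check (written for this page; it is not code from the thread or from Cisco). It scans a PIX-style configuration fragment for every `vpngroup ... split-tunnel <acl>` binding and flags any bound ACL entry that carries a protocol other than `ip` or a port qualifier such as `eq ssh`, since a split-tunnel ACL only decides which destination networks are sent through the tunnel. The configuration lines, group names and IP addresses in `SAMPLE_CONFIG` are constructed for the example and are not the poster's real values; the second ACL, `acl_split`, shows the network-only form a split-tunnel ACL is expected to take.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed PIX-style fragment (not the poster's configuration): one
# split-tunnel ACL written with a port qualifier, as in the question, and one
# written as a plain network match, which is what split tunnelling evaluates.
SAMPLE_CONFIG = """\
access-list acl_test permit tcp host 10.10.10.5 host 192.168.1.20 eq ssh
access-list acl_split permit ip 192.168.1.0 255.255.255.0 any
vpngroup test address-pool abc
vpngroup test split-tunnel acl_test
vpngroup ops address-pool abc
vpngroup ops split-tunnel acl_split
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
SPLIT_RE = re.compile(r"^vpngroup\s+(\S+)\s+split-tunnel\s+(\S+)\s*$")
PORT_RE = re.compile(r"\b(eq|gt|lt|neq|range)\s+\S+")


@dataclass
class Finding:
    group: str   # vpngroup name
    acl: str     # split-tunnel ACL bound to that group
    line: str    # offending ACL entry ("" when the ACL is missing)
    reason: str


def parse_acls(config: str) -> dict[str, list[tuple[str, str, str]]]:
    """Map ACL name -> list of (protocol, remainder of entry, raw line)."""
    acls: dict[str, list[tuple[str, str, str]]] = {}
    for raw in config.splitlines():
        m = ACL_RE.match(raw.strip())
        if m:
            name, _action, proto, rest = m.groups()
            acls.setdefault(name, []).append((proto, rest, raw.strip()))
    return acls


def split_tunnel_bindings(config: str) -> dict[str, str]:
    """Map vpngroup name -> name of the ACL bound with 'split-tunnel'."""
    bindings: dict[str, str] = {}
    for raw in config.splitlines():
        m = SPLIT_RE.match(raw.strip())
        if m:
            bindings[m.group(1)] = m.group(2)
    return bindings


def lint_split_tunnel(config: str) -> list[Finding]:
    """Flag split-tunnel ACL entries that try to match protocol or port."""
    acls = parse_acls(config)
    findings: list[Finding] = []
    for group, acl in split_tunnel_bindings(config).items():
        entries = acls.get(acl)
        if not entries:
            findings.append(Finding(group, acl, "", "split-tunnel ACL is not defined"))
            continue
        for proto, rest, line in entries:
            problems = []
            if proto != "ip":
                problems.append(f"protocol '{proto}'")
            if PORT_RE.search(rest):
                problems.append("port qualifier")
            if problems:
                findings.append(Finding(
                    group, acl, line,
                    ", ".join(problems) + " in split-tunnel ACL; only the network "
                    "part is used to decide what enters the tunnel",
                ))
    return findings


if __name__ == "__main__":
    for f in lint_split_tunnel(SAMPLE_CONFIG):
        print(f"vpngroup {f.group}: ACL {f.acl}: {f.reason}\n    {f.line}")
```

Run against the sample it reports only `vpngroup test`, whose ACL is the port-based one; `vpngroup ops` passes because `acl_split` matches on network alone. The check is read-only and deliberately says nothing about how to filter ports on the VPN, which the reply leaves to the version-specific features the poster has not yet named.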
