
ssh access-list confusion

zaheer
Level 1

Hi,

I am new to firewalls,

I have a PIX 515E with VPN on it.

I want one of my VPN clients to ssh to an internal server.

The VPN connection gets established and is fine. But when I open an SSH session it shows remote host down. I get the correct IP pool address. I can access the server using remote desktop connection when I give full access for the server using IP protocol.

Below is the configuration and access-list I have implemented for the same.

access-list acl_test permit tcp host 10.0.0.55 host 192.168.x.x eq ssh

vpngroup test address-pool abc

vpngroup test split-tunnel acl_test

vpngroup test idle-time 1800

vpngroup test password ********

10.0.0.55 is my VPN client

and my server is in 192.168.x.x range


purohit_810
Level 5

You need to perform the following steps:

hostname(config)# crypto key generate rsa modulus 1024

hostname(config)# write mem

hostname(config)# ssh 192.168.1.2 255.255.255.255 inside

hostname(config)# ssh 192.168.1.2 255.255.255.255 inside

hostname(config)# ssh timeout 30

Try instead of INSIDE ... Outside also.

Regards,

Dharmesh Purohit

That would help if he was trying to ssh to the pix.

Zaheer, split tunnel ACLs are usually not extended or port based access-lists. If you want to filter the VPN traffic there are other ways to do that. What version are you running?

I am running ver 6.3(3)
