ssh help

Trying to figure out why I cannot ssh to my PIX 501 from an outside connection!

Any ideas?

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxx

passwd xxx

hostname AB01-GR-PIX

domain-name tobar.COM

clock timezone CST -6

clock summer-time CDT recurring

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

name 10.4.2.0 AB01-GR

name 10.9.2.0 AB01-LF

access-list inside_outbound_nat0_acl permit ip AB01-GR 255.255.255.0 AB01-LF 255.255.255.0

access-list outside_cryptomap_40 permit ip AB01-GR 255.255.255.0 AB01-LF 255.255.255.0

no pager

mtu outside 1500

mtu inside 1500

ip address outside 45.10.15.74 255.255.255.248

ip address inside 10.4.2.30 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location AB01-GR 255.255.255.0 inside

pdm location AB01-LF 255.255.255.0 inside

pdm location AB01-LF 255.255.255.0 outside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

route outside 0.0.0.0 0.0.0.0 65.100.175.78 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http AB01-LF 255.255.255.0 inside

http AB01-GR 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 40 ipsec-isakmp

crypto map outside_map 40 match address outside_cryptomap_40

crypto map outside_map 40 set peer 12.166.199.2

crypto map outside_map 40 set transform-set ESP-DES-MD5

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address 12.166.199.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 1

isakmp policy 20 lifetime 86400

telnet AB01-GR 255.255.255.0 inside

telnet AB01-LF 255.255.255.0 inside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

management-access inside

console timeout 0

dhcpd address 10.4.2.150-10.4.2.180 inside

dhcpd dns 10.9.2.5 10.9.2.6

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain abvalve.com

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:xxx

: end


Jon Marshall
Hall of Fame

Couple of things.

Not a good idea to post a config with public IP addresses in it, although I suspect you have changed them?

Your outside interface is 45.10.15.74

Your default route is 65.100.175.78

So it looks like you have modified your addressing?

Anyway, when you try to ssh, how far do you get?

Jon
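The two things the reply above checks by eye (whether the default-route gateway actually sits in the outside interface's subnet, and what the `ssh`/`telnet`/`http` lines allow on each interface) can be checked mechanically. The following is an added example written for this thread, not code from the original poster or from Cisco: a small Python checker that parses the relevant lines of a PIX 6.3 config. The sample input is constructed from the excerpts posted in the question (with the poster's already-substituted addresses); the `audit` and `ssh_allowed` helpers are names chosen here.

```python
import ipaddress

# Constructed sample: the lines that matter for remote management, taken from
# the PIX 501 config posted in the question (addresses as the poster changed them).
SAMPLE_CONFIG = """\
name 10.4.2.0 AB01-GR
name 10.9.2.0 AB01-LF
ip address outside 45.10.15.74 255.255.255.248
ip address inside 10.4.2.30 255.255.255.0
route outside 0.0.0.0 0.0.0.0 65.100.175.78 1
http server enable
http AB01-LF 255.255.255.0 inside
http AB01-GR 255.255.255.0 inside
snmp-server community public
telnet AB01-GR 255.255.255.0 inside
telnet AB01-LF 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""


def parse_config(text):
    """Collect names, interface addresses, routes, management ACLs and SNMP communities."""
    cfg = {"names": {}, "interfaces": {}, "routes": [], "mgmt": [], "snmp": []}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts:
            continue
        if parts[0] == "name" and len(parts) == 3:
            # 'name <ip> <alias>' lets later lines use the alias instead of the address
            cfg["names"][parts[2]] = parts[1]
        elif parts[:2] == ["ip", "address"] and len(parts) == 5:
            ifname, addr, mask = parts[2], parts[3], parts[4]
            cfg["interfaces"][ifname] = ipaddress.ip_interface(f"{addr}/{mask}")
        elif parts[0] == "route" and len(parts) >= 5:
            cfg["routes"].append({"iface": parts[1], "dest": parts[2], "gw": parts[4]})
        elif parts[0] in ("ssh", "telnet", "http") and len(parts) == 4:
            # '<proto> <source> <mask> <interface>' grants management access from that source
            proto, src, mask, iface = parts
            src = cfg["names"].get(src, src)
            net = ipaddress.ip_network(f"{src}/{mask}", strict=False)
            cfg["mgmt"].append((proto, net, iface))
        elif parts[:2] == ["snmp-server", "community"] and len(parts) >= 3:
            cfg["snmp"].append(parts[2])
    return cfg


def audit(cfg):
    """Return a list of human-readable findings about reachability and exposure."""
    findings = []
    # 1. A route's gateway must be on-link for the exit interface, or traffic never leaves.
    for r in cfg["routes"]:
        iface = cfg["interfaces"].get(r["iface"])
        if iface is None:
            findings.append(f"route via {r['iface']} but that interface has no IP address")
            continue
        gw = ipaddress.ip_address(r["gw"])
        if gw not in iface.network:
            findings.append(
                f"gateway {gw} for {r['dest']} is not in {r['iface']} subnet {iface.network}"
            )
    # 2. Management access from any source on the outside interface is exposure, not a fix.
    for proto, net, iface in cfg["mgmt"]:
        if iface == "outside" and net.prefixlen == 0:
            findings.append(f"{proto} access on outside is open to any source (0.0.0.0/0)")
    # 3. Well-known default SNMP communities.
    for community in cfg["snmp"]:
        if community.lower() in ("public", "private"):
            findings.append(f"snmp-server community '{community}' is a well-known default")
    return findings


def ssh_allowed(cfg, src_ip, iface):
    """True if the parsed 'ssh' lines permit src_ip to reach the named interface."""
    src = ipaddress.ip_address(src_ip)
    return any(p == "ssh" and i == iface and src in n for p, n, i in cfg["mgmt"])


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for finding in audit(cfg):
        print("FINDING:", finding)
    print("ssh from 203.0.113.5 to outside allowed:", ssh_allowed(cfg, "203.0.113.5", "outside"))
    print("ssh from 10.4.2.5 to inside allowed:", ssh_allowed(cfg, "10.4.2.5", "inside"))
```

On the posted excerpt the route check fires (65.100.175.78 is not in 45.10.15.72/29, the mismatch the reply points out), the `ssh 0.0.0.0 0.0.0.0 outside` line is reported as any-source management access, and `ssh_allowed` returns True for any outside address but False for an inside one, because the config as posted has no `ssh ... inside` entry. Whatever turns out to be the cause of the refused connection, the any-source entry should be narrowed to the management hosts that actually need it.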

Those IPs were just changed for the post... but I get connection refused from PuTTY.

Do you know if ssh works from the inside?

Nope, but let me try.

a.alekseev
Level 7

conf t

ca generate rsa key 2048

After that, try ssh again.

Yeah, I can ssh from inside,

NOT outside.

I can test, i.e. see if I get a prompt, if you let me know the public IP:

jon.marshall4@btinternet.com

but obviously you don't have to.

Jon

Maybe your provider is blocking SSH?

No, because I can ssh into the 506e that the 501s are VPN'ing into!

Here is a good PIX config...

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password qaAv.Ii3BE9UHjeE encrypted

passwd lfL9YkXcpVI8j9gT encrypted

hostname AB01-CC-PIX

domain-name rupurt.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

no fixup protocol h323 h225 1720

no fixup protocol h323 ras 1718-1719

fixup protocol http 80

no fixup protocol rsh 514

no fixup protocol rtsp 554

no fixup protocol sip 5060

no fixup protocol sip udp 5060

no fixup protocol skinny 2000

fixup protocol smtp 25

no fixup protocol sqlnet 1521

no fixup protocol tftp 69

names

name 10.7.2.0 AB01-CC

name 10.9.2.0 AB01-LF

access-list inside_outbound_nat0_acl permit ip AB01-CC 255.255.255.0 AB01-LF 255.255.255.0

access-list outside_cryptomap_100 permit ip AB01-CC 255.255.255.0 AB01-LF 255.255.255.0

no pager

mtu outside 1500

mtu inside 1500

no ip address outside

ip address inside 10.7.2.30 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location AB01-CC 255.255.255.0 inside

pdm location AB01-LF 255.255.255.0 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

static (inside,outside) 68.213.152.84 10.7.2.13 netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 68.213.152.81 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 0.0.0.0 0.0.0.0 outside

http AB01-CC 255.255.255.0 inside

http AB01-LF 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 100 ipsec-isakmp

crypto map outside_map 100 match address outside_cryptomap_100

crypto map outside_map 100 set peer 69.2.60.228

crypto map outside_map 100 set transform-set ESP-DES-MD5

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address 12.166.199.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp key ******** address 69.2.60.228 netmask 255.255.255.255 no-xauth no-config-mode

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 1

isakmp policy 20 lifetime 86400

telnet AB01-CC 255.255.255.0 inside

telnet AB01-LF 255.255.255.0 inside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 5

management-access inside

console timeout 0

dhcpd address 10.7.2.100-10.7.2.130 inside

dhcpd dns 10.9.2.5 10.9.2.6

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain rupert.com

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:xxx

: end

Forgot the outside IP...

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxx

passwd xxx

hostname AB01-CC-PIX

domain-name abvalve.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

no fixup protocol h323 h225 1720

no fixup protocol h323 ras 1718-1719

fixup protocol http 80

no fixup protocol rsh 514

no fixup protocol rtsp 554

no fixup protocol sip 5060

no fixup protocol sip udp 5060

no fixup protocol skinny 2000

fixup protocol smtp 25

no fixup protocol sqlnet 1521

no fixup protocol tftp 69

names

name 10.7.2.0 AB01-CC

name 10.9.2.0 AB01-LF

access-list inside_outbound_nat0_acl permit ip AB01-CC 255.255.255.0 AB01-LF 255.255.255.0

access-list outside_cryptomap_100 permit ip AB01-CC 255.255.255.0 AB01-LF 255.255.255.0

no pager

mtu outside 1500

mtu inside 1500

ip address outside 68.x.x.84 255.255.255.248

ip address inside 10.7.2.30 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location AB01-CC 255.255.255.0 inside

pdm location AB01-LF 255.255.255.0 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

static (inside,outside) 68.213.152.84 10.7.2.13 netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 68.213.152.81 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 0.0.0.0 0.0.0.0 outside

http AB01-CC 255.255.255.0 inside

http AB01-LF 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 100 ipsec-isakmp

crypto map outside_map 100 match address outside_cryptomap_100

crypto map outside_map 100 set peer 69.2.60.228

crypto map outside_map 100 set transform-set ESP-DES-MD5

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address 12.166.199.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp key ******** address 69.2.60.228 netmask 255.255.255.255 no-xauth no-config-mode

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 1

isakmp policy 20 lifetime 86400

telnet AB01-CC 255.255.255.0 inside

telnet AB01-LF 255.255.255.0 inside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 5

management-access inside

console timeout 0

dhcpd address 10.7.2.100-10.7.2.130 inside

dhcpd dns 10.9.2.5 10.9.2.6

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain abvalve.com

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:xxx

: end

Using the configuration above, I cannot ping the outside address either!
