Hi, I am working on a PIX 501 via a remote SSH connection. All was fine until I issued a reload command. Now I cannot get access to the PIX via SSH, and an nmap scan shows port 22 is open but the service shows tcpwrapped. I have never seen this before; does anyone know how to clear it? Thanks in advance.
To use SSH, your PIX Firewall must have a DES or 3DES activation key and you must generate an RSA key-pair for the PIX Firewall before clients can connect to the PIX Firewall console. Use the ca generate rsa key 512 command to generate a key; change the modulus size from 512, as needed. After generating the RSA key, save the key using the ca save all command.
Hi Patrick, thanks for your post. My PIX does have a 3DES activation key. I have been using SSH on this PIX for several days with PuTTY and I did not generate an RSA key-pair; perhaps someone else did before me. It was working fine until I issued the reload command via SSH. When the RSA keys are missing, do you get this issue with "tcpwrapped"?
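An added example, not part of the posts above: nmap labels a port tcpwrapped when the TCP handshake completes but the remote end closes the connection without sending any data. The Python probe below (the function name probe_ssh is hypothetical) separates that behaviour from an SSH daemon that presents its identification string, which helps confirm from the client side whether the SSH service itself is answering.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Connect, send nothing, and classify what the service does.

    Returns a (state, detail) tuple where state is one of:
      "banner"         - peer sent an SSH identification string ("SSH-...")
      "other-data"     - peer sent data that is not an SSH banner
      "closed-no-data" - handshake completed, peer closed without sending
                         anything (what nmap reports as tcpwrapped)
      "silent"         - connection stays open but nothing arrives in time
      "refused"        - nothing is listening on the port
      "unreachable"    - connect failed for another reason (detail = error)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except OSError as exc:  # connect timeout, no route, etc.
        return ("unreachable", str(exc))

    with sock:
        try:
            data = sock.recv(256)  # an SSH server speaks first
        except socket.timeout:
            return ("silent", "")
        except ConnectionResetError:
            return ("closed-no-data", "")

    if not data:  # orderly close before any byte was sent
        return ("closed-no-data", "")
    text = data.decode("ascii", errors="replace").strip()
    return ("banner" if text.startswith("SSH-") else "other-data", text)


if __name__ == "__main__":
    # Usage: python probe_ssh.py <firewall-address> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_ssh(target, target_port))
```

A "closed-no-data" result matches the nmap output in the question; a "banner" result means the SSH service is answering and the problem lies further along, in the client or in authentication.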