Cisco Support Community

New Member

ssh into pix501 and transparent tunneling using tcp


I have 2 questions.

1. My pix501 is set up to allow SSH connections from a specific IP. I used putty.exe to run an SSH session to the PIX, it prompted for a username and... I am stuck. What should I use as a username and password?

2. I want to use the VPN client to connect with transparent tunneling enabled using TCP port 1800 at the PIX. Should I create an access-list for TCP 1800 in order for the VPN connection to work?

Please post your suggestions. Thank you!



Re: ssh into pix501 and transparent tunneling using tcp

1. Username for SSH is "pix". For the PDM web management, you leave the username field blank.

2. You cannot. NAT-T only supports UDP encapsulation. The only Cisco product that I am aware of that can do TCP encapsulation is the 30xx series VPN concentrators.

If you go the UDP route, you only need to: sysopt connection permit ipsec, as that is a solution for allowing in ISAKMP, ESP, AH and NAT-T packets without wrestling with ACLs.

New Member

Re: ssh into pix501 and transparent tunneling using tcp

1. I tried username "pix" and password is <'en' password> and it did not work. Do you have to set this SSH password in the console?

2. The VPN client documentation says that "multiple simultaneous connections might work better with TCP, and if you are in an extranet environment, TCP mode is preferable. UDP does not operate with stateful firewalls. Use TCP with this configuration."

Currently, I have NAT-T configured on the PIX and am connecting a single VPN client (UDP encap) to it without any difficulty. I will find out later tomorrow if simultaneous connections to the PIX with the UDP setup will work OK.

