SSH into PIX 501 and transparent tunneling using TCP

travis0
Level 1

Hello,

I have 2 questions.

1. My PIX 501 is set up to allow SSH connections from a specific IP. I used putty.exe to run an SSH session to the PIX, and it prompted for a username and password. Here I am stuck. What should I use as the username and password?

2. I want to use the VPN client to connect with transparent tunneling enabled, using TCP port 1800 at the PIX. Should I create an access-list for TCP 1800 in order for the VPN connection to work?

Please post your suggestions. Thank you!

travis.

2 Replies

mostiguy
Level 6

1. The username for SSH is "pix". For the PDM web management, you leave the username field blank.

2. You cannot. NAT-T only supports UDP encapsulation. The only Cisco product that I am aware of that can do TCP encapsulation is the 30xx series VPN concentrators.

If you go the UDP route, you only need: sysopt connection permit-ipsec, as that is a solution for allowing in ISAKMP, ESP, AH and NAT-T packets without wrestling with ACLs.

1. I tried username "pix" and the password is <'en' password>, and it did not work. Do you have to set this SSH password in the console?

2. The VPN client documentation says that "multiple simultaneous connections might work better with TCP, and if you are in an extranet environment, TCP mode is preferable. UDP does not operate with stateful firewalls. Use TCP with this configuration."

Currently, I have NAT-T configured on the PIX and am connecting a single VPN client (UDP encap) to it without any difficulty. I will find out later tomorrow if simultaneous connections to the PIX with the UDP setup will work OK.

travis.