Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ssh to PIX outside interface (DHCP)

I have setup a PIX connect to the Internet using a dynamic IP. And I have enable the appropriate IP to access the PIX from outside. But I cannot access the PIX using ssh from outside.

I enable debug ssh on the PIX, but only see something like

TCP connect allowed from outside IP to interface IP/ssh.

And PDM, PPTP all have the problem.

Anyone has this problem?

4 REPLIES

Re: ssh to PIX outside interface (DHCP)

Have you created a certificate for ssh on the PIX ?

Check the ssh key:

show ca mypubkey rsa

Generate a key:

hostname cisco-pix

domain-name example.com

ca generate rsa key 1024

show ca mypubkey rsa

Save ssh key:

ca save all

Allow incomming ssh connections:

ssh ip_address [netmask] [interface_name]

sincerely

Patrick

Gold

Re: ssh to PIX outside interface (DHCP)

you mentioned "dynamic ip", just wondering if you are referring to the pix will negotiate the public ip from the isp after a certain time period. assuming the public ip keeps changing, then remote management would not be feasible with pix.

if it is a router, configuring "dynamic dns" will resolve this issue. unfortunately, i don't think pix support ddns yet.

Re: ssh to PIX outside interface (DHCP)

You may use a Dynamic DNS service, generaly this service is free. This service updates all IP changes to the hostname and whenever the IP changes the DNS name change too !

Details:

This is the No-IP.com Dynamic DNS update client page. We offer these clients for you to download free of charge. The clients are available for Linux/Unix, MacOS, and Windows.

When configured correctly, the client will check your IP address at a given time interval checking to see if your IP has changed. If your IP address has changed it will notify our dns servers and update the IP corresponding to your No-IP/No-IP+ hostname.

http://www.no-ip.com/downloads.php

sincerely

Patrick

New Member

Re: ssh to PIX outside interface (DHCP)

I found the problem. It is the india ISP who use 24online service that may cause the problem.

134
Views
0
Helpful
4
Replies