Cisco Support Community
New Member

SSH

I'm wanting to allow the internal network to connect to the router, but I believe my PIX is prohibiting this. I'm running PIX version 6.3(2) and here's the layout, which is typical:

Inside -> PIX (515E) -> Router (2600) -> Internet

TIA.

5 REPLIES
New Member

Re: SSH

mcvosi,

Do you have any access-list configured in your PIX blocking outbound traffic from your LAN? If so, add a line before the deny statement of the access-list: "access-list xxx permit tcp host (workstation IP) host (2600 IP) eq 22".

New Member

Re: SSH

No, currently all outbound connections from the LAN are unrestricted. That's why this puzzles me.

New Member

Re: SSH

Dumb question, but is the router configured right... is there a DES/3DES license installed on it... do a show version and verify DES or 3DES is enabled.

New Member

Re: SSH

Well, thanks for the replies but it seems the nut behind the wheel wasn't secured properly. I forgot to assign the transport to a vty. Doh! It's definitely a Monday! :-)
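
A check for the mistake described in the post above (no SSH transport assigned to a vty), as an added example that is not part of the thread: it parses an IOS-style running-config and reports which vty ranges permit SSH or Telnet. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
hostname r2600
!
line con 0
line aux 0
line vty 0 4
 login local
line vty 5 15
 login local
 transport input telnet ssh
!
end
"""

def vty_transports(config):
    """Map each (first, last) vty range to its protocol set, or None if unset."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", line)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first))
            result[current] = None
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the vty block
        elif current is not None:
            t = re.match(r"\s+transport input\s+(.+)$", line)
            if t:
                result[current] = set(t.group(1).split())
    return result

def audit(config):
    """Return (range, finding) tuples for the vty lines in the config."""
    findings = []
    for rng, protos in sorted(vty_transports(config).items()):
        if protos is None:
            findings.append((rng, "no transport input set; platform default applies"))
            continue
        if not protos & {"ssh", "all"}:
            findings.append((rng, "ssh not permitted"))
        if protos & {"telnet", "all"}:
            findings.append((rng, "telnet permitted (cleartext)"))
    return findings

if __name__ == "__main__":
    for rng, finding in audit(SAMPLE_CONFIG):
        print("vty %d-%d: %s" % (rng[0], rng[1], finding))
```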

New Member

Re: SSH

You can NAT the inside IP with a public IP and it will allow you to telnet. Apply the following commands.

static (inside,outside) natip nattedip netmask 255.255.255.255

access-list acl_outside permit tcp host nattedip host natip eq telnet

Here, natip is the inside LAN IP and nattedip is the public IP.
