Cisco Support Community

New Member

what do I do on PIX for ssh passthrough

Hi there, first time trying to do this, but what I need to do is allow ssh (port 22) through my PIX. I tried to use fixup but it doesn't like the ssh as a port. What I would like to do is be on the inside of the PIX and access ssh on the outside. It sounds simple but maybe I am just too thick to figure it out.

thanks!!!!

Wayne

4 REPLIES
New Member

Re: what do I do on PIX for ssh passthrough

Try the following..

conduit permit tcp any eq ssh any

or if you wanna be more specific,

conduit permit tcp eq ssh any

Make sure to have your internal host statically translated.. let's say you have an internal host of 192.168.1.50 and an outside network of 200.200.200.0/24. You can do this,

static (inside, outside) 200.200.200.50 192.168.1.50

conduit permit tcp host 200.200.200.50 eq ssh any

You should be ok once you do that.

Let me know how it goes..

New Member

Re: what do I do on PIX for ssh passthrough

Does it know what ssh is?? I typed the first one in (conduit permit tcp any eq ssh any) and it says type Help or '?' for a list of available commands..

although if I type conduit ? it gives me the syntax..

I am running Pix 515E with 6.1(4)

if I wanted to go from the inside out would it be

conduit permit tcp any eq ssh (address or subnet of gear to be ssh'ed to) ? but still the issue of conduit not working.........

New Member

Re: what do I do on PIX for ssh passthrough

It should recognize it.. but anyhow, replace it with port 22 anyway and try again.

New Member

Re: what do I do on PIX for ssh passthrough

Yeah, that's what I was thinking .... substituting it for 22 didn't give me an error so that's good ... Do you think

conduit permit tcp any eq 22 192.168.100.0

would work to let me ssh from inside to outside on the 192.168.100.0 network??

Oddly enough that still didn't work, but I also have a Cisco 3550 and a Cisco 2620 between the outside of the pix and the 192.168.100.0 to contend with

Thanks!!!

Wayne
