what do I do on PIX for ssh passthrough

WAYNE MOORE · ‎06-26-2003

Hi there first time trying to do this but I what I need to do is allow ssh (port 22) through my PIX I tried to use fixup but it doesnt like the ssh as a port. What I would like to do is be on the inside of the PIX and access ssh on the outside. It sounds simple but maybe I am just too thick to figure it out.

thanks!!!!

Wayne

osam · ‎06-26-2003

Try the following..

conduit permit tcp any eq ssh any

or if you wanna be more specific,

conduit permit tcp eq ssh any

Make sure to have your internal host statically translated.. lets say, you have an internal host of 192.168.1.50 and an outside network of 200.200.200.0/24. You can do this,

static (inside, outside) 200.200.200.50 192.168.1.50

conduit permit tcp 200.200.200.50 eq ssh any

You should be ok once you do that.

Let me know how it goes..

WAYNE MOORE · ‎06-26-2003

does it know what ssh is?? I typed the first one in (conduit permit tcp any eq ssh any) and it says type Help of '?' for a list of available commands..

although if I type conduit ? it gives me the syntax..

I am running Pix 515E with 6.1(4)

if I wanted to go from the inside out would it be

conduit permit tcp any eq ssh (address or subnet of gear to be ssh'ed to) ? but still the issue of couduit not working.........

osam · ‎06-26-2003

It should recognize it.. but anyhow, replace it with port 22 anyway and try again.

WAYNE MOORE · ‎06-26-2003

yeah thats what I was thinking .... substituting it for 22 didnt give me an error so thats good ... Do you think

conduit permit tcp any eq 22 192.168.100.0

would work to let me ssh from inside to outside on the 192.168.100.0 network??

oddly enought that still didnt work but I also have a Cisco 3550 and a Cisco 2620 between the outside of the pix and the 192.168.100.0 to contend with

Thanks!!!

Wayne