Cisco Support Community

New Member

Can't ssh on pix from outside interface

I am using s/w ver 7.0(4).

The config for ssh is:

crypto key generate rsa modulus 1024

wr mem

ssh a.b.c.d 255.255.255.255 outside

but it's not working.

Please help

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Can't ssh on pix from outside interface

Yes, if your outside interface is mapped to y.y.y.y then you will not be able to ssh to x.x.x.x as it will be forwarding this to y.y.y.y.

You could change from a 1 to 1 static to port address translation for each particular port you need forwarded to y.y.y.y.

Please rate helpful posts.

14 REPLIES

Re: Can't ssh on pix from outside interface

Hi ,

Config looks ok to me.

In order to access the Pix from the outside interface you need this: Ssh "ip address" "netmask" outside.

As an example, I am using my IP address:

Ssh 200.9.49.66 255.255.255.255 outside.

If you want to provide access but you do not know the ip then: Ssh 0 0 outside.

Make sure that there is no access list blocking ssh.

Finally try reloading the box.

Regards,

~JG

New Member

Re: Can't ssh on pix from outside interface

Thanks JG for comments.

I have tried all these options but :(

Is there any alternate way to access PIX from outside interface?

??

New Member

Re: Can't ssh on pix from outside interface

Hi,

use this command in addition to your command.

aaa authentication ssh console LOCAL

also create local username & password like

username cisco password cisco privilege 0

download putty & enjoy ssh to your pix

use the username & password you created to login through your ssh client

If it still does not work, let me know.

If it works, please rate this.

Regards

Re: Can't ssh on pix from outside interface

I would like to see the running config from the box.

Regards,

New Member

Re: Can't ssh on pix from outside interface

ca generate rsa key 1024

show ca mypubkey rsa

ca save all

ssh 10.x.x.1 255.255.255.255 outside

ssh timeout 60

wr mem

or

ssh a.b.c.d 255.255.255.255 outside.dcp. Depends on your model and config. Hope this helps.

Eric

New Member

Re: Can't ssh on pix from outside interface

Tried all, but nope.

Not successful. I have done the same several times & it works, but ...

Any other idea?? OR any other alternative?

New Member

Re: Can't ssh on pix from outside interface

Can it be the issue of IOS?

New Member

Re: Can't ssh on pix from outside interface

version 7.x should be fine.

Try ACL allowing outside ssh host access.

access-list OUTSIDE extended permit ip 192.168.1.x 255.255.255.0 any eq ssh, etc etc.

or

management-access outside or inside >> I think.

E

New Member

Re: Can't ssh on pix from outside interface

Can you post the sh run?

New Member

Re: Can't ssh on pix from outside interface

access-list outside extended permit ip any any

is allowed already on outside interface.

Green

Re: Can't ssh on pix from outside interface

Do you by chance have a 1 to 1 static using the outside interface?

Also, you do not need to allow this traffic in an acl.

New Member

Re: Can't ssh on pix from outside interface

yup exactly.

static map is there.

static (inside, outside) x.x.x.x y.y.y.y netmask 255.255.255.255

Will it interrupt anything?

Green

Re: Can't ssh on pix from outside interface

Yes, if your outside interface is mapped to y.y.y.y then you will not be able to ssh to x.x.x.x as it will be forwarding this to y.y.y.y.

You could change from a 1 to 1 static to port address translation for each particular port you need forwarded to y.y.y.y.

Please rate helpful posts.
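
An added example, not part of any post in this thread: a small Python check for the condition described in the answer above, where a one-to-one static claims the outside interface address so that SSH to the PIX itself is forwarded inside. The sample configs, addresses, forwarded ports and function names are constructed for illustration.

```python
import re

# Constructed sample configs (documentation addresses, not from the thread).
BEFORE = """\
interface Ethernet0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
static (inside,outside) 203.0.113.2 10.1.1.10 netmask 255.255.255.255
ssh 198.51.100.7 255.255.255.255 outside
"""
AFTER = """\
interface Ethernet0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
static (inside,outside) tcp interface www 10.1.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface smtp 10.1.1.10 smtp netmask 255.255.255.255
ssh 198.51.100.7 255.255.255.255 outside
"""

STATIC = re.compile(r"^static \((\w+),\s*(\w+)\)\s+(.*)$")

def interface_addresses(config):
    """Map each nameif to the IP address configured in its interface block."""
    addrs, name = {}, None
    for line in config.splitlines():
        s = line.strip()
        if line.startswith("interface "):
            name = None
        elif s.startswith("nameif "):
            name = s.split()[1]
        elif s.startswith("ip address ") and name:
            addrs[name] = s.split()[2]
    return addrs

def shadowed_management(config):
    """Find one-to-one statics that take over the address of an ssh-enabled interface."""
    addrs = interface_addresses(config)
    lines = config.splitlines()
    # "ssh <ip> <mask> <nameif>" has four tokens; "ssh timeout 60" does not.
    ssh_ifs = {l.split()[-1] for l in lines if l.startswith("ssh ") and len(l.split()) == 4}
    hits = []
    for line in lines:
        m = STATIC.match(line)
        if not m:
            continue
        mapped_if, args = m.group(2), m.group(3).split()
        if args[0] in ("tcp", "udp"):  # static PAT forwards one port only
            continue
        if args[0] in ("interface", addrs.get(mapped_if)) and mapped_if in ssh_ifs:
            hits.append((mapped_if, line))
    return hits
```

`shadowed_management(BEFORE)` reports the one-to-one static on `outside`, while `shadowed_management(AFTER)` returns an empty list because only the listed ports are forwarded and the interface address still answers SSH.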

New Member

Re: Can't ssh on pix from outside interface

That works.

Thanks
