08-01-2007 10:53 AM
Hi,
I am new to firewalls,
I have a PIX 515E with VPN on it.
I want one of my VPN clients to ssh to an internal server.
The VPN connection gets established and is fine. But when I open an SSH session it shows remote host down. I get the correct IP pool address. I can access the server using remote desktop connection when I give full access for the server using IP protocol.
Below is the configuration and access-list I have implemented for the same.
access-list acl_test permit tcp host 10.0.0.55 host 192.168.x.x eq ssh
vpngroup test address-pool abc
vpngroup test split-tunnel acl_test
vpngroup test idle-time 1800
vpngroup test password ********
10.0.0.55 is my VPN client
and my server is in 192.168.x.x range
08-01-2007 11:27 AM
You need to perform the following steps:
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# ssh 192.168.1.2 255.255.255.255 inside
hostname(config)# ssh 192.168.1.2 255.255.255.255 inside
hostname(config)# ssh timeout 30
Also try OUTSIDE instead of INSIDE.
Regards,
Dharmesh Purohit
08-01-2007 11:52 AM
That would help if he was trying to ssh to the PIX.
Zaheer, split tunnel ACLs are usually not extended or port based access-lists. If you want to filter the VPN traffic there are other ways to do that. What version are you running?
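A check for the point made in the reply above, as an added example that is not part of the original thread: it scans a PIX-style configuration for `vpngroup ... split-tunnel` ACLs whose entries match on a protocol other than `ip` or on a port. The sample configuration is constructed from the lines posted in the question plus a hypothetical `acl_split` ACL and `other` group; the function name is also hypothetical.

```python
# Constructed sample: the lines from the question plus a hypothetical
# network-based split-tunnel ACL (acl_split) bound to a second group.
SAMPLE_CONFIG = """\
access-list acl_test permit tcp host 10.0.0.55 host 192.168.x.x eq ssh
access-list acl_split permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
vpngroup test address-pool abc
vpngroup test split-tunnel acl_test
vpngroup other split-tunnel acl_split
vpngroup test idle-time 1800
"""

# Port comparison keywords used in PIX access-list entries.
PORT_OPERATORS = {"eq", "lt", "gt", "neq", "range"}


def split_tunnel_findings(config):
    """Return (group, acl, line, reason) tuples for split-tunnel ACL entries
    that match on a protocol other than ip or on a port."""
    acl_lines = {}  # ACL name -> list of its entries
    bindings = []   # (vpngroup name, ACL name) pairs
    for raw in config.splitlines():
        line = raw.strip()
        tokens = line.split()
        if len(tokens) >= 4 and tokens[0] == "access-list" and tokens[2] in ("permit", "deny"):
            acl_lines.setdefault(tokens[1], []).append(line)
        elif len(tokens) == 4 and tokens[0] == "vpngroup" and tokens[2] == "split-tunnel":
            bindings.append((tokens[1], tokens[3]))

    findings = []
    for group, acl in bindings:
        if acl not in acl_lines:
            # A split-tunnel reference to an ACL that is never defined.
            findings.append((group, acl, None, "ACL not defined"))
            continue
        for line in acl_lines[acl]:
            tokens = line.split()
            reasons = []
            if tokens[3] != "ip":
                reasons.append(f"protocol '{tokens[3]}' instead of ip")
            if PORT_OPERATORS & set(tokens[4:]):
                reasons.append("port match")
            if reasons:
                findings.append((group, acl, line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in split_tunnel_findings(SAMPLE_CONFIG):
        print(finding)
```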
08-01-2007 10:24 PM
I am running ver 6.3(3)