SSH problem
impelse
Member Posts: 1,237 ■■■■□□□□□□
OK.
I follow this instructions from Cisco's web site:
Hostname PixFirewall
domain-name mydomain.com
aaa authentication ssh console LOCAL
password xxxxxx
crypto key generate rsa modulus 1024
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
I can login using ssh from the inside network but I never login from the outside network, the software does not say anything, does not do anything eather.
What do you recommend.
I did a L2TP over IPSec configuration and is working now but this to control the firewall from remote satation did not work.
I tried to put specific ip address for the outside network and it's the same.
Sugestion please.
I follow this instructions from Cisco's web site:
Hostname PixFirewall
domain-name mydomain.com
aaa authentication ssh console LOCAL
password xxxxxx
crypto key generate rsa modulus 1024
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
I can login using ssh from the inside network but I never login from the outside network, the software does not say anything, does not do anything eather.
What do you recommend.
I did a L2TP over IPSec configuration and is working now but this to control the firewall from remote satation did not work.
I tried to put specific ip address for the outside network and it's the same.
Sugestion please.
Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack.
It is your personal IPS to stop the attack.
Comments
Otherwise it all looks about right for what little I know about a Pix.
It is your personal IPS to stop the attack.
If you don't get anything when you debug, is it a direct connect between the test PC and the outside interface? Any ACLs in the path that may be stopping the SSH traffic?
I created a static access-list and works fine with the port that I wanted to open, but not with ssh.
Raul
It is your personal IPS to stop the attack.
If you want to use management tools/protocols on a PIX/ASA terminating the VPN you are using to connect you need to specify a management-access interface. The easiest and best way to do this is to use the inside interface, always using the inside interface when using a private subnet (as should be assigned by your VPN) avoids getting confused with actually SSH'ing to the outside without the VPN. So, if it is the case that you are trying to SSH after VPN'ing in then enter the following:
management-access inside
After this telnet/ssh/http/snmp/syslog etc. will all work to the inside interface when VPN'd in. One oddity is that if you are using SNMP and Syslog where you normally specify a host-server and local interface to use you need to specify the Inside interface even if they are technically over the VPN terminating on your Outside interface. Fun
Sorry if I have gotten your situation wrong but it's a wee bit confusing right now as the wording does not make it explicitly clear if you are trying to use the Outside interface from inside or outside your VPN Tunnel.
When I said I am vpning means that I can stablish connection with the ASA.
I tried to use ssh without vpn or anything in case I need to check something from my home or from another office. I used ssh with the Pix 501 (software v6.1) and still works, but when I installed in one office the ASA 5510 (software v7.2) and ssh works inside but not outside.
I really do not need to control the ASA from another site right now but I could need it in the future in case that I am out of the main office.
Raul
It is your personal IPS to stop the attack.