https://community.cisco.com/t5/network-security/winscp-throught-pix-fiewall/m-p/312425#M553544 <HTML><HEAD></HEAD><BODY><P>I'm pretty sure SSH works differently to FTP so you don't need to worry about fixups. Although SSH comes with SCP and SFTP, i believe SFTP is just an interface to make SCP look like tradional FTP and nothing else.</P><P></P><P>So if you need to allow SSH inbound then just open up your outside access-list for tcp 22 to your destination hosts.</P><P></P><P>HTH</P><P>PD</P></BODY></HTML> Tue, 21 Dec 2004 15:03:01 GMT paddyxdoyle 2004-12-21T15:03:01Z https://community.cisco.com/t5/network-security/winscp-throught-pix-fiewall/m-p/312424#M553537 <P>I am trying to use a program WinSCP throught a pix 515. The application uses port 22 which is SSH so is kind of FTP over SSH. </P><P></P><P>The problem I have is how do I enable this, do I uses fixup ftp on port 22? will the firewall see ftp traffic or SSH encrypted traffic. How do I deal with the return traffic as it's on a different port.</P><P></P><P>Any help would be appreciated</P><P></P><P>Thanks,</P><P></P><P>Stafford</P> Fri, 21 Feb 2020 07:49:15 GMT https://community.cisco.com/t5/network-security/winscp-throught-pix-fiewall/m-p/312424#M553537 stafford.slater 2020-02-21T07:49:15Z https://community.cisco.com/t5/network-security/winscp-throught-pix-fiewall/m-p/312425#M553544 <HTML><HEAD></HEAD><BODY><P>I'm pretty sure SSH works differently to FTP so you don't need to worry about fixups. Although SSH comes with SCP and SFTP, i believe SFTP is just an interface to make SCP look like tradional FTP and nothing else.</P><P></P><P>So if you need to allow SSH inbound then just open up your outside access-list for tcp 22 to your destination hosts.</P><P></P><P>HTH</P><P>PD</P></BODY></HTML> Tue, 21 Dec 2004 15:03:01 GMT https://community.cisco.com/t5/network-security/winscp-throught-pix-fiewall/m-p/312425#M553544 paddyxdoyle 2004-12-21T15:03:01Z https://community.cisco.com/t5/network-security/winscp-throught-pix-fiewall/m-p/312426#M553554 <HTML><HEAD></HEAD><BODY><P>It should just work, no fixups necessary. If you want to enable scp for access from the outside, then you would need to open tcp port 22, just like any other port. The PIX, while supporting ssh for management, is scp/ssh/sftp unaware for fixups - not that it has any real need to be, as those should not need more than one port (with the exception of sftp, because a lot of people call things sftp and there is no real standard)</P></BODY></HTML> Tue, 21 Dec 2004 18:51:43 GMT https://community.cisco.com/t5/network-security/winscp-throught-pix-fiewall/m-p/312426#M553554 mostiguy 2004-12-21T18:51:43Z