Allowing SSH in the PIX firewall

kmchoong
Level 1

I am using a PIX firewall. The external IP address is 203.11.1.1 and the internal IP is 192.168.10.3.

How do I allow a PC connected to the internal segment to SSH into the PIX firewall? Thank you.

1 Reply

a.kiprawih
Level 7

Hi,

To allow ssh, either from inside or outside, the following must be configured in your PIX:

1. Hostname

2. Domain name

3. Generate rsa key (and save it using "ca save all")

4. Configure allowed ssh host(s)

5. Set ssh timeout (optional)

Example

firewall(config)# hostname MYFW01

MYFW01(config)# domain-name abc.edu

MYFW01(config)# ca generate rsa key 512 (can also use 1024)

Keypair generation process begin.

Success.

MYFW01(config)#sh ca mypubkey rsa

% Key pair was generated at: 18:13:07 XXX May 19 2005

Key name: MYFW01.abc.com

Usage: General Purpose Key

Key Data:

xxxx

MYFW01(config)# ca save all

MYFW01(config)# ssh 192.168.10.x 255.255.255.255 inside

MYFW01(config)# ssh 192.168.10.y 255.255.255.255 inside

MYFW01(config)# ssh timeout 10 --------> (default is 5 min)

Besides SSH, you can now use HTTPS to access your PIX. The additional task is to configure "http", as follows:

MYFW01(config)# http server enable

MYFW01(config)# http 192.168.10.x 255.255.255.255 inside

To allow SSH or HTTPS access from outside/external network, use the same "ssh" or "https" command but replace the keyword "inside" with "outside".

Rgds,

AK
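
An added example, not part of the original posts: a small Python audit of the `ssh` and `http` access lines in the syntax shown in the answer above, flagging rules bound to an interface other than `inside` or covering a wide source range. The sample configuration, `MAX_HOSTS` and `TRUSTED_INTERFACES` are assumptions chosen for illustration, not Cisco defaults.

```python
import ipaddress
import re

# Constructed sample config in the syntax used in the answer (addresses are made up).
SAMPLE_CONFIG = """\
hostname MYFW01
domain-name abc.edu
ssh 192.168.10.20 255.255.255.255 inside
ssh 192.168.10.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
http server enable
http 192.168.10.20 255.255.255.255 inside
"""

# Assumed local policy: management only from single hosts or small ranges,
# and only on the inside interface.
MAX_HOSTS = 16
TRUSTED_INTERFACES = {"inside"}

# Matches "<ssh|http> <ip> <mask> <interface>"; skips "ssh timeout" and "http server enable".
RULE = re.compile(r"^(ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")

def audit_mgmt_access(config_text):
    """Return (line, reason) findings for the ssh/http access rules in config_text."""
    findings = []
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as "MYFW01(config)# " if the input is a transcript.
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())
        m = RULE.match(line)
        if not m:
            continue
        proto, addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((line, "unparseable address or mask"))
            continue
        if iface not in TRUSTED_INTERFACES:
            findings.append((line, f"{proto} management allowed on interface '{iface}'"))
        if net.num_addresses > MAX_HOSTS:
            findings.append((line, f"{proto} source range covers {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{line!r}: {reason}")
```
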
