07-10-2007 03:01 AM - edited 03-11-2019 03:42 AM
I have a few computers behind a PIX 501. A few of them have no access to the internet (access-list inside line 1 deny ip host 192.168.1.10 etc) and others have full access. Now I want to give some of those denied computers SSH access to the outside. I have tried
access-list inside line 6 permit tcp host 192.168.1.10 eq ssh any eq ssh
, but the SSH client says Connection Refused. Do I need some other access rules, or is the problem somewhere else?
07-10-2007 03:43 AM
Hi
Source port may not be 22, depends on the client coding. Change your ACL line to:
access-list inside line 6 permit tcp host 192.168.1.10 any eq ssh
07-10-2007 05:28 AM
That change didn't seem to work. It seems that the outbound connection works, but inbound doesn't. access-list inside line 1 deny ip host 192.168.1.10 gets hits when I try to SSH out from the computer.
07-10-2007 05:29 AM
You need to have the permit line before the deny line.
access-list inside permit tcp host 192.168.1.10 any eq ssh
access-list inside deny ip host 192.168.1.10 any
Please rate helpful posts.
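Added example, not part of any post in this thread: a small first-match evaluator in Python that runs the thread's ACL entries in both orders and shows which entry takes the hit. The parser covers only the `host`/`any`/`eq` forms quoted above; the packet (source port 50000, destination 203.0.113.5) and all function names are constructed for illustration, and list order stands in for the `line N` position.

```python
PORTS = {"ssh": 22}  # named port used in the thread

def _endpoint(tok):
    """Consume 'any' or 'host A', then an optional 'eq PORT'."""
    if tok[0] == "any":
        addr, tok = None, tok[1:]
    elif tok[0] == "host":
        addr, tok = tok[1], tok[2:]
    else:
        raise ValueError("unsupported address spec: " + tok[0])
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
        tok = tok[2:]
    return (addr, port), tok

def parse_ace(line):
    tok = line.split()[2:]          # drop "access-list <name>"
    if tok[0] == "line":            # skip "line N"; list order is used here
        tok = tok[2:]
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = _endpoint(tok)
    dst, tok = _endpoint(tok)
    return action, proto, src, dst

def first_match(acl, proto, src, sport, dst, dport):
    """Return (action, index) of the first matching entry, top down."""
    for i, line in enumerate(acl):
        action, p, (sa, sp), (da, dp) = parse_ace(line)
        if p not in ("ip", proto):
            continue
        if sa not in (None, src) or da not in (None, dst):
            continue
        if sp not in (None, sport) or dp not in (None, dport):
            continue
        return action, i
    return "deny", None             # implicit deny at the end of the list

DENY = "access-list inside deny ip host 192.168.1.10 any"
PERMIT = "access-list inside permit tcp host 192.168.1.10 any eq ssh"
PERMIT_SRC22 = "access-list inside line 6 permit tcp host 192.168.1.10 eq ssh any eq ssh"

# Constructed packet: SSH client on an ephemeral source port.
PKT = ("tcp", "192.168.1.10", 50000, "203.0.113.5", 22)

def demo():
    return {"deny_first": first_match([DENY, PERMIT], *PKT),
            "permit_first": first_match([PERMIT, DENY], *PKT),
            "src_eq_ssh": first_match([PERMIT_SRC22, DENY], *PKT)}
```

With the deny entry first, the permit is never reached; with `eq ssh` on the source side, the permit does not match a client using an ephemeral source port even when it is placed first.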