Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
2
Replies

Linksys firewall behind PIX

hregensr
Level 1
Level 1

‎03-07-2003 12:17 PM - edited ‎02-20-2020 10:36 PM

I have a client that has a linksys firewall setup at his workstation (Don't ask why, you don't want to know). He needs to pass SSH traffic to his workstation. I have a acl configured and a static configured for his IP to pass the port 22 traffic to his "external" linksys address. He has the linksys configured to pass port 22 traffic to his internal workstation.

When he is behind the pix with a natted IP this does not work, I just get a connection refused. When i place him outside the firewall with a routable IP everything works fine. Is this a problem with TCP sequencing? Can this be disabled?

Thanks!

0 Helpful
2 Replies 2

mostiguy
Level 6
Level 6

‎03-10-2003 07:26 AM

1. Your client is a donkey, take off your shoe and beat him with it.

2. Given his donkey status, I must question whether he is actually running a ssh daemon. Only a ssh daemon (server) needs to be accessible via tcp 22. If he is runninng a ssh daemon, is he running a unix like os? If so, run ipchains, PF, or IPF on it.

0 Helpful

shannong
Level 4
Level 4

‎03-10-2003 05:13 PM

Sometimes dual NAT can be an issue as the Pix will randomize TCP sequence numbers for added security for hosts with weak IP stacks. (read Windows).

This can be disabled per static statement with the [norandomseq] keyword at the end.

And don't forget to follow the other poster's reply as he's dead on. For both step 1 and step 2. ;)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card