Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
6
Replies

PIX SSH on DMZ

sachinraja
Level 9
Level 9

‎09-04-2004 11:14 PM - edited ‎02-20-2020 11:36 PM

Hi...

I'm trying to do SSH to the PIX via the DMZ port. I'm able to connect to the PIX through SSH from the same DMZ LAN, but not from any other LAN connected to the DMZ. Network reachability to the DMZ interface from the other LAN is fine.

Is this the normal behaviour of PIX. Cant I SSH from any other LAN connected onto the DMZ/Inside ? what is the solution for this ?

eg- PIX DMZ - 1.1.1.1

am able to do SSH from 1.1.1.2, but not from 10.10.10.10, which is connected through a router in the DMZ.

0 Helpful
6 Replies 6

lyes.ouarti
Level 1
Level 1

‎09-05-2004 08:44 AM

hi,

this is easy,

you have to add this command:

conf t

ssh 0 0 dmz

this allow all machine to access the pix with ssh.

but i am not sure it's secure.

let us know if it works.

0 Helpful

sachinraja
Level 9
Level 9
In response to lyes.ouarti

‎09-06-2004 12:56 AM

it doesnt !! I had actually allowed ssh through the PC's static IP on the PIX. I had also opened ssh 0 0 dmz now. still it doesnt work.

when i do a debug ssh, there is no request coming onto the PIX.

i had regenerated the ca key , still no requests onto the PIX. I'm actually not able to telnet to the DMZ interface on port 22.

Any suggestions ?

0 Helpful

a.awan
Level 4
Level 4
In response to sachinraja

‎09-06-2004 01:17 AM

Do you have a route defined on the PIX for the subnet you are trying to establish an SSH session from? Also does the remote device know how to get to the PIX? Have you tried pinging to the PIX from this device?

0 Helpful

sachinraja
Level 9
Level 9
In response to a.awan

‎09-06-2004 01:40 AM

of course !!! am able to ping the PIX DMZ interface from the PC. This is the basic thing. How can one miss out in this ?

0 Helpful

a.awan
Level 4
Level 4
In response to sachinraja

‎09-06-2004 01:46 AM

Just monitor this forum for a while and you will find out why i asked this question. Did not mean to offend you but sometimes people tend to miss out on very important things while posting their questions.

0 Helpful

sachinraja
Level 9
Level 9
In response to a.awan

‎09-06-2004 01:58 AM

no problems awan. seems to be a bit strange problem.

Ip connectivity and everything seems to be fine. actually there is a VPN concentrator which comes in between this device and the PIX DMZ. we are statically routing in this 3030.

let me be clear on my setup.

PIX DMZ - VPN 3030 - Network management PC.

From the PIX DMZ local subnet,am able to do SSH, but not from the LAN specified above (which connects to 3030). NO problems in routing.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card